How to stay safe after the Equifax data breach

Equifax disclosed last week that the personal financial information of up to 143 million users had been exposed in a massive hack last July. This represents roughly two-thirds of all credit card holders, so you may be affected.

The delay in disclosing is troubling, and the hack raises questions about oversight of the credit bureaus and even about the impact on their management. We can see the impact on investors: the Equifax share price has dropped over 20%

While we can discuss these issues and more, the priority is shoring up your personal credit.

Impact

Was your data taken? There are links from Equifax, Norton and others where you can attempt to determine the impact on you personally. However, these sites seem to default to “you may be affected,” even if you put in bogus information.

The good news is that Equifax has responded to consumer pressure to make certain services free.

Act now

You will want to act as soon as possible to keep your financial information safe.

“There are so many entities who need to check your credit: when you’re renting an apartment, getting insurance, a new cell phone, utilities,” Liz Weston, a financial planner and columnist at NerdWallet, told BuzzFeed News. “But at this point the breach is so great” that taking measures to safeguard your identity is worth it. She recommends instituting credit freezes.

Equifax free service – sign up on line for the complimentary service being provided by Equifax, which provides the following:

  • three-bureau credit file monitoring with alerts,
  • credit report lock,
  • scanning of suspicious sites for use of your social security number,
  • Equifax credit reporting, and
  • $1 million identity theft insurance covering certain out-of-pocket expenses.

Monitor your cards – review your monthly credit card, bank and loan statements for suspicious activity. You have a right to free credit reports so obtain them and review for unauthorized activity.

Also, watch for unexpected calls or mail, such as debt collectors or people posing as IRS agents, because these may be signs that your information may be in the hands of thieves.

Credit freeze – request a freeze on your credit from all three agencies: Equifax, TransUnion, and Experian. Equifax will not charge you but the others will.

Requesting a credit freeze prevents thieves from using your identity to get loans or credit cards in your name, even if your personal information was compromised by the hack. You essentially pay to bar each of three credit reporting agencies — Equifax, TransUnion, and Experian — from providing a credit report without both your explicit permission and a personal identification number (PIN) that temporarily lifts the freeze. (Freezes do not affect financial institutions or companies you have an existing relationship with, only new ones.)

Make sure to place the freeze with all three bureaus and to keep your PINs for unlocking the freezes in a safe place.

“A credit freeze with only one bureau is incomplete protection,” Mike Litt, the consumer program advocate at the US Public Interest Research Group, a consumer group, said. Consumer experts recommended getting a freeze with all three agencies.

There are companies such as LifeLock that provide bundled services. If cost is not an object, that may be the best course of action. Here is the Lifelock response on Equifax.

Fraud alert – if you are certain that your information has been taken, place alert all three credit bureau websites. You can access the TransUnion site here. Some protection is free, but their premium package costs $9.95

If you are the subject of identity theft, there are many resources now that help you report and recover. The Federal Trade Commission website can help devise a recovery plan to implement.

PINs and passwords – the passwords and PINs you use could be the next issue. You may want to change what you use now and update annually, if not more often.

Updates – Equifax continues to provide updates on the status of the hack and their response.

And news sites continue to report on the hack – see this NY Times article.

Summary

There are many steps to take, and the information taken may not be used for some time. So, you will want to take some if not all the steps outlined above. If you have trouble doing so, or if you have questions, let us know.

And for more reading, the Better Business Bureau is one resource for tips on avoiding scams. And, the FTC is a good resource for identity theft.

Good luck and stay safe!

Data and Document Security; Protect Your Stuff!

There are now more tools available than ever to help you organize, access and protect your sensitive data and documents.
man-1187170_1280Well that’s a scary image …

Mobile Devices
The amount of information we store on our mobile devices is staggering: emails, personal contacts, client contacts, banking information, music, and pictures represent only a fraction. You can easily protect this data by enabling the password service, or, in the case of the newer iPhones and iPads, by enabling the fingerprint recognition software.

We have become heavily dependent on these devices that, if we lose them or they malfunction, we could spend days trying restore or replace the data on the device. To protect against this potential headache, you should back up the device regularly. You can also shift more application content to cloud services such as iCloud or G Cloud.

Computer Safety
If you know the sickening feeling of losing an important file that you saved on our computer, then you know you do not want to risk losing all the data on your laptop. That’s why we recommend backing up your important files to an external hard drive, remote server, cloud storage or online back-up program. Some of you may want to make the backup occur automatically, so that all files are stored on a regular basis. Others may prefer to do so manually. If so, be sure to set a reminder that works for you so that you frequently safeguard as much of your important data as possible.

In addition to backing up your files regularly to an external location, we recommend you install anti-virus and malware software. When you buy a computer, an anti-virus program is often included. Make sure the virus definitions are updated constantly. Also, you can add more projection for free, such as Malwarebytes.

Original Documents
There are certain documents that deserve an extra level of security, like original copies of your estate plan (link to planning) for the inevitable. For these documents that hold significant legal and personal importance, place them in Ziplock bags to prevent water damage and store them in either a fireproof safe or a safety deposit box.

Conclusion
Taking these small steps each of you can take now to protect your tax and financial information will prove invaluable if the unexpected occurs.

Scam update for more on Cyber-Attackers, Cloud Computing – be Vigilant!

We wrote before about the need for vigilance to protect you from cybercriminals. We drew on input from Norton Antivirus about social media scams. In this post, we draw upon the Kiplinger’s Tax Letter and SingleHop.com site.

IRS e-mails – You might not think that tax preparers would fall for e-mail scams, but some do. The 2-27-15 Kiplinger’s Tax Letter describes use of bogus e-mails asking professionals to “update their IRS e-services accounts and their electronic filing ID numbers plus provide personal data.” As we have said in prior posts, the IRS categorically states that they do not send out e-mails.

Cloud Computing – SingleHop is a company endeavoring to be private cloud experts. They champion users holding cloud servers accountable for maintaining high level, monitored and updated security for all client files. Their recent newsletter notes that over 250,000 complaints were filed with the FBI’s Internet Crime Complaint Center (ic3.gov) in 2013 alone, of which over 20% were under age 30. (For more on how “private cloud” computing fits in the internet infrastructure, here is a helpful SingleHop page: [[https://www.singlehop.com/private-cloud-hosting/|SingleHop site]])

They caution you not to rely on links from e-mails to the websites you frequent. Instead, they encourage you to create bookmarks for these websites to ensure that you are logging onto the site you intend. They also favor sites that use two levels to authenticate you before granting access to personal information. “With such methods, after logging in with your password, the site will text or email you a single-use code that must be entered. Only the registered phone number or email address will receive the code, making it that much harder for hackers to gain unauthorized access to your accounts.”

Scam Update – With the cautions from both sources in mind, we updated our post, to help you remain vigilant:

//Hidden URLs// – Those shortened URLs are convenient, but they may be links to websites you don’t want to visit, or worse, they could install malware on your computer. SingleHop admonishes, “Especially look out for slightly misspelled words or words that use unexpected characters, such as substituting a “0” (number) for a “0” (letter) — for example, HOME DEPOT. If something looks even a little bit fishy, delete the email or close the site immediately.”

//Phishing Requests// – When you get an invitation to click on any link, think twice. When you click, you may be taken to a fake Twitter or Facebook or to a bank, credit card issuer, or another financial institution login page. SingleHop says “Phishers will design their sites to look exactly like the website of your” institutions. If you fall for the fake website, and enter you username and password, the cybercriminals can use your information on the real website to gain complete control of your account.

//Hidden Charges// – Be wary of those online quizzes that offer to tell you interesting information about yourself like which 1960s sitcom star you resemble. If the quiz asks you for personal information, such as your phone number, stop. If you continue, you many end up subscribing to some service that charges a recurring monthly fee.

//Cash Grabs// – It’s great to make new friends, but maybe not by “friending” strangers on Facebook. That person you just friended on Facebook may soon be asking you for money. You can avoid this situation by limiting your social media connections to people you know personally. Ignore friend requests when you do not know the person and have no friends in common.

//Chain Letters// – Sure, you want to be sure that Microsoft will donate the millions it promised to some worthy charity if you keep the online chain letter going. However, such “chain letter” e-mails are a way for spammers to access your friends to connect with them later. Also, you never know to whom your friends will forward the letter.

Sites that are popular with users are popular with criminals, so remain vigilant when you are on line, and, of course, keep your antivirus and anti-malware software up to date. Be wary and think twice before clicking on a suspicious link!

On-line Scams – some to look out for to protect your finances

Our society today has growing appetite for social media and most of us use it for legitimate purposes: connecting with our friends, pursuing our hobbies or building our businesses. Unfortunately, part of the population has a more insidious use for social media: they want to scam you. Thankfully, a little vigilance can go a long way in protecting you from these cyber criminals. Here is one list you can use, from Norton Antivirus, showing the top five social media scams:
1. **Hidden URLs** – Those shortened URLs are convenient, but they may be links to websites you don’t want to visit, or worse, they could install malware on your computer.
2. **Phishing Requests** – When you get an invitation to click on a link to see a picture of yourself at some wild party, think twice. Once you click, you’re taken to a fake Twitter or Facebook login page where you enter you user name and password. Doing this gives the cyber-criminals complete control of your account.
3. **Hidden Charges** – Be wary of those on-line quizzes that offer to tell you interesting information about yourself like which 1960s sitcom star you resemble. If the quiz asks you for personal information, such as your phone number, stop. If you continue, you many end up subscribing to some service that charges a recurring monthly fee.
4. **Cash Grabs** – It’s great to make new friends, but maybe not by “friending” strangers on Facebook. That person you just friended on Facebook may soon be asking you for money. You can avoid this situation by limiting your social media connections to people you know personally.
5. **Chain Letters** – Sure, you want to be sure that Microsoft will donate the millions it promised to some worthy charity if you keep the on-line chain letter going. However, such “chain letter” e-mails are a way for scammers to access your friends to connect with them later.
Sites that are popular with users are popular with criminals, too. Be vigilant, keep your anti-virus and anti-malware software up to date and think twice before clicking on a suspicious link!

Be wary of these scams – IRS and investments

It seems that we hear of a new internet or phone scam on a weekly basis. These scam artists are getting bolder and more sophisticated with each new endeavor. So, we wanted to alert you to a few new ones where the scammers are pretending to be IRS agents and financial planners.

**Taxpayer Scams**
This past year, the IRS issued a strong warning to consumers against an aggressive telephone scam. The scammers call taxpayers to inform them they owe outstanding taxes and demand payment over the phone. To lend to their credibility, the scammers will have the last four digits of the taxpayer’s social security number. If the taxpayer refuses to make a payment, the caller threatens the taxpayer with jail time, loss of driver’s license and, in some cases, deportation. When the taxpayer refuses to provide this information, the scammers call back pretending to be a local police officer.
If you receive one of these calls, the IRS requests that you take these steps:
• “If you know you owe taxes or you think you might owe taxes, call the IRS at 1.800.829.1040. The IRS employees at that line can help you with a payment issue, if there really is such an issue.
• If you know you do not owe taxes or have no reason to think that you owe any taxes (for example, you’ve never received a bill or the caller made some bogus threats as described above), then call and report the incident to the Treasury Inspector General for Tax Administration at 1.800.366.4484.
• If you’ve been targeted by this scam, you should also contact the Federal Trade Commission and use their “FTC Complaint Assistant” at FTC.gov. Please add “IRS Telephone Scam” to the comments of your complaint.”
The IRS wants you to know that they never initiate contact with taxpayers via email to request personal or financial information. They also never ask for PINs, passwords or similar confidential access information for credit cards, banks for other accounts. If you receive an email claiming to be from the IRS, you should forward it to phishing@irs.gov.

**Investor Scams**
The Financial Industry Regulatory Authority (“FINRA”) recently published a warning to registered representatives about three different scams where registered representatives may be subject to “Firm Identity Theft”.
The first scheme involves scammers fraudulently using the identity of legitimate registered representatives and brokerage firms to con investors out of their money by building websites that mirror legitimate websites of broker-dealers and registered representatives. The scammers claim they are registered with FINRA and SIPC. Victims who fall for this tactic are tricked into making payments or investments through the site. The scam artists collect the money and then disappear.
The second one puts a new twist on an old tactic by perusing international investors with and “advance fee scheme” or “mirror fraud.” Again, scammers use the identity of a legitimate broker-dealer and contact investors with an attractive offer. Examples of these offers include lifting a stock restriction or purchasing investors’ shares for an amount significantly above their market value. In return, the investor is asked to pay certain fees and expenses in advance. Once the investor has paid the fees, the fake broker-dealer steals the money and disappears.
The last scheme involves fraudulent checks. The scammer, using the stolen identity of a registered broker-dealer, contacts a customer is an attractive offer, like offering to overpay for an item on Craigslist. When the scammer sends the check, it’s for a much larger amount than the agreed-upon price. The scammer then requests the seller to mail the difference back to the scammer. In an effort to convince the customer of the stolen identity, the fraudster will use the broker-dealer’s true address as the return address on the mail sent to the customer. Believing they are dealing with a real broker-dealer, the customer is persuaded to send money. But, when the seller cashes the original check, it bounces.

Protecting yourself from these scams requires vigilance. If someone contacts you with and offer that’s too good to be true, it likely is!