Blog

Online security!

How To Keep Your Personal And Professional Information Safe Online

Technology has become an integral part of our daily lives. As such, we often get comfortable using it and forget that the more it evolves, the more cybercrimes (such as identity theft) will affect our personal security. If you don’t take steps to protect yourself now, you’ll only become a target. Here are some tips on how to keep yourself safe online.

Understand ID theft.

Identity theft is a cybercrime that involves using your personal information to create bank accounts or other legal agreements in your name. Unfortunately, as Mark Medley of ID Theft Resolutions found out the hard way back in 2001, it’s exponentially difficult to recover from this type of violation. Once you understand what it is, you will be in a better position to prevent or react to it in the future.

Know your resources.

Although many states have now enacted ID theft protections, these may not be available immediately. Keeping yourself safe is important, especially when you’re a small business owner and have many people relying on your good name for a job. Take the time to get to know the resources available to you so that you were not skipping out on valuable information or training because of cost or lack of time. Keep in mind that protecting your small business means teaching your employees how to protect themselves from phishing and other scams.

Update your software.

As hackers continue to grow better at their job, so do software developers and app makers. But to combat threats, you need to ensure that your PC and all of its installed apps update automatically.

Stop playing online games.

Determining your cute elf name or what job suits your face the best is all in good fun on your end. But as Snopes and countless law enforcement agencies across the country have warned before, these innocent quizzes are often cleverly-designed to social-engineering scams used to dig for personal information.

Create a strong password (and change it often).

Your password is supposed to be the key that opens up your online world. But like a key to your front door, they are easy to steal — particularly if you do not take the time to create a strong one. This should include at least 15 characters and incorporate numbers, letters, and different cases. You should also change your password often. Remember, it is easier than ever for criminals to hack your password using everything from custom-designed apps to free password cracking tools that are easily available online.

Take precautions when using public Wi-Fi.

Public Wi-Fi is a godsend for people who work remotely or that need to keep up with their friends and family on the go. It is an appealing amenity offered by hotels, coffee shops, and even retail stores. But public Wi-Fi is not without its risks, according to Kaspersky, a US-based adaptive security technology company. The company suggests, among other things, utilizing a VPN and SSL connections if you must browse the internet away from your home network.

The above is certainly not everything you need to know about online security and how to protect yourself from identity theft. But for those of you that are not familiar with the risks, it’s a good start. Remember, the more you know, the more proactive you can be in keeping yourself, your family, and your business safe from the dangers floating around on the World Wide Web.

ID Theft Resolutions can help you protect your sensitive information online or take back your life after ID theft. Contact ID Theft Resolutions today for more information and insight or to schedule your family check-up.

By: Carla Lopez

IRS Launches Identity Theft Central!

WASHINGTON, D.C. — The Internal Revenue Service this week launched Identity Theft Central, designed to improve online access to information on identity theft and data security protection for taxpayers, tax professionals and businesses.

Located on IRS.gov, Identity Theft Central is available 24/7 at irs.gov/identitytheft. It is a resource on how to report identity theft, how taxpayers can protect themselves against phishing, online scams and more.

Improving awareness and outreach are hallmarks of initiatives to combat identity theft coordinated by the IRS, state tax agencies and the nation’s tax industry, all working in partnership under the Security Summit banner.

Since 2015, the Security Summit partners have made substantial progress in the fight against tax-related identity theft. But thieves are still constantly looking for ways to steal the identities of individuals, tax professionals and businesses in order to file fraudulent tax returns for refunds.READ:  Police Looking for Two Men After Carjacking at Exton Square Mall

The partnership has taken a number of steps to help educate and improve protections for taxpayers, tax professionals and businesses. As part of this effort, the IRS has redesigned the information into a new, streamlined page − Identity Theft Central − to help people get information they need on ID theft, scams and schemes.

From this special page, people can get specific information including:

  • Taxpayer Guide to Identity Theft, including what to do if someone becomes a victim of identity theft
  • Identity Theft Information for Tax Professionals, including knowing responsibilities under the law
  • Identity Theft Information for Businesses, including how to recognize the signs of identity theft

The page also features videos on key topics that can be used by taxpayers or partner groups. The new page includes a video message from IRS Commissioner Chuck Rettig, warning signs for phishing email scams – a common tactic used for identity theft – and steps for people to protect their computer and phone.READ:  Police Look to Identify Suspect in Retail Theft at Sephora

Tax professionals and others may want to bookmark Identity Theft Central and check their specific guidance periodically for updates.

This is part of an ongoing effort by the IRS to share identity theft-related information with the public. The IRS continues to look for ways to raise awareness and improve education and products related to identity theft for taxpayers and the tax professional community.

Source: Internal Revenue Service

Share this:

ID theft protections won’t be immediate

SCAM WATCH

Copyright © 2019 Albuquerque Journal

By: Ellen Marks, Albuquerque Journal

Sunday, January 12, 2020

One provision of New Mexico’s new and controversial expungement law gives victims of identity theft a new avenue when someone uses their name to commit a crime.

Victims whose identity has been stolen and whose names have been used when a criminal is arrested or booked into jail can now seek to have those false records expunged.

However, a local expert cautions that there are lots of “loose ends” and unanswered questions about the new law, and it might take some time before a petition for expungement is approved by a court order.

Mark Medley, head of ID Theft Resolutions in Albuquerque, recommends victims continue to immediately pursue a special “V endorsement” on their driver’s license under the state’s existing Identity Theft Passport program.

The endorsement shows law enforcement officers that someone they pull over is a victim of identity theft in case a background check pulls up crimes that were committed in their name. Victims’ names are entered into a state ID theft database, which is accessible only to law enforcement and the state’s Motor Vehicle Division.

And it takes only a couple of weeks, according to Medley’s website.

“That way, you’re protected until your records actually get expunged,” he says.

To seek expungement of arrest and court records, identity theft victims must file a petition with district court and provide information, such as details of the arrest and the case number in which they were falsely named.

Petition forms and other information can be found at nmcourts.gov/ expungement-forms.aspx.

Unlike other types of expungement requests that require a waiting period, ID theft victims can seek a court order at any time.

“It (the new law) is important because it finally gives the victims of identity theft an avenue where they can get their record cleared, especially in criminal identity theft when someone steals a person’s wallet and uses their identity when arrested,” Medley says.

Medley knows all about it. His wallet was stolen at a Summerfest event nearly 20 years ago and his identity was used by someone picked up on unrelated felony charges the next day. He spent years trying to clear his name.

A few years ago, he thought his troubles were over until he went to his usual polling place to vote. After numerous times of trouble-free voting, he was told his name had been deleted from the voter rolls — yet another mess he had to clear up.

Identity theft is a crime with a very long lifespan.

Cybercrime Expert Insights and Tips: Q&A With Justin Feffer

You probably know cybersecurity is a marathon, not a sprint. Law enforcement officials log the big miles. Fortunately, more and more consumers are joining the race.

We talked to Sgt. Justin Feffer, a Los Angeles-based law enforcement officer and cybercrimes investigator, to bring us up to date about cyber threats and what you can do the help protect against them.

Here’s what he had to say.

5 cybercrime questions answered
What does the future of cybercrime and security look like for people afraid of having their information stolen?

Unfortunately, the future looks very similar to our present. I have 14 years of experience dedicated to combatting cybercrime. I still see the same fundamental security flaws contributing to the theft of our most sensitive data. I don’t see the situation improving.

What should internet users be aware of when it comes to protecting their online information long-term? (e.g., cloud storage, permanent email addresses, etc.)

Be sure to do the due diligence needed to pick the right solution. There is very good literature available, including white papers and reviews by researchers and journalists with proven reputations. Don’t pick a solution based upon an ad—particularly a pop-up ad!

Consult with experts who are familiar with the technology you are considering. Most importantly, make sure that the solution you pick has robust security features including multi-factor authentication.

In your opinion, what are the most common cybercrimes that are the easiest to help prevent?

Business email compromise (BEC) and hacked accounts, due to the theft of stolen passwords, are the two most common and easiest cyber-crimes to prevent.

BEC attacks involve the use of targeted emails asking the victim to wire funds for a fraudulent transaction. BEC works because the victim believes the email with the instruction is from someone with authority.

In the most typical attack, the suspect poses as the CEO of the company and sends an urgent email directing the accounts payable manager to pay an invoice via wire transfer by the end of the day. The invoice is fraudulent, and the suspect steals all of the funds sent via the wire transfer.

Businesses must adopt policies prohibiting wire transfers to unfamiliar accounts based upon emailed instructions.

Accounts are most commonly hacked by suspects who use phishing emails to trick the victims into divulging their account passwords. The password phishing attack usually attempts to induce victims to click on a link crafted by the attacker.

These attacks convey a sense of urgency—warning the victim that unless they perform the requested action they will be locked out of their account or otherwise suffer some adverse result. Victims that click on the link are taken to a website that requests their personal information including their usernames and passwords.

You should never rely solely upon a username and password to secure an account. Implement multi-factor authentication (commonly referred to as two-step verification) to secure your accounts. That way even if a password is stolen the suspect won’t be able to log into the account without access to the second factor.

Have computers made finding cybercriminals easier or more difficult? Why?

Computers and modern technology have proven a double-edged sword in the fight against crime.

Modern surveillance cameras, license plate readers, geolocation services and other technological tools have proven to be extremely helpful to law enforcement in finding criminals of all types.

On the other hand, tools such as TOR (The Onion Router), dark web marketplaces, crypto currencies, robust mobile device encryption, and encrypted communications services have created extreme challenges to law enforcement.

These types of technology can often make it impossible for law enforcement to obtain needed evidence even if they have the proper legal authority and compelling need.

For example, a suspect could have 1 million stolen credit cards on his iPhone, and even if law enforcement seizes the phone and has a search warrant to search the phone, they will not be able to access the phone unless the user provides the passcode.

This type of problem was demonstrated very dramatically in the 2015 San Bernardino Inland Regional Center terror attack when the FBI attempted to analyze the terrorist’s locked iPhone.

Do you recommend any third-party tools individuals can use to privately access the internet, transfer data, or securely delete data?

I find that the most important third-party tools include the following:

Reputable Virtual Private Network (VPN) services allow users to safely access the Internet when working remotely from known secure networks.
Reputable cloud-based file transfer services allow users to safely transfer files to fellow employees and colleagues.
Reputable full disk encryption tools can be used to encrypt portable media such as USB drives to prevent data theft if the devices are lost or stolen.

McAfee expands beyond antivirus to identity theft protection!

McAfee’s core focus has been providing antivirus software to more than 375 million customers, but now the company is adding new partnerships to fuel further growth.

The company is announcing today that it is expanding into the identity theft protection market. The idea is to provide protection in the areas of the connected home, online safety for kids, privacy, and now identity theft protection. It’s a recognition that today’s threat landscape is growing in all facets of digital life.

In the wake of some massive data breaches, the McAfee Identity Theft Protection lets users take a proactive approach with personal monitoring, financial monitoring, and recovery tools. McAfee made the announcements at CES 2018, the big tech trade show in Las Vegas this week.

McAfee is also providing the security for a new D-Link Wi-Fi router that will automatically protect users’ connected home devices.

And the company is protecting Samsung Secure Wi-Fi with backend technology for Galaxy Note8 customers in Europe.

The latest products and services include McAfee Identity Theft Protection, McAfee Secure Home Platform, McAfee Safe Family, and McAfee Safe Connect. The company is partnering with a variety of hardware, software, and broadband providers to keep customers safer.

“Data breaches are increasing in volume and therefore calling into question who consumers can rely on to keep their personal information safe,” said John Giamatteo, executive vice president of consumer business group at McAfee, in a statement. “Today, McAfee is trusted by 375 million consumers worldwide to protect what matters most — whether that is their devices, their child’s online safety, or their identity and privacy. McAfee is a name synonymous with cybersecurity, one that consumers can depend on to continue to evolve and innovate to put consumer minds at ease when digital security uncertainty is high.”

People are aware of cybercrime and concerned about their own cybersecurity, but a survey released last week by McAfee reveals that most consumers aren’t as proactive about protecting themselves as they should be.

The survey found that 61 percent are more concerned about cybersecurity today than five years ago, but only 37 percent say they use an identity protection solution, and only about 33 percent say they consider protecting their identity as their No. 1 cybersecurity priority.

McAfee revealed findings from its survey, “New security priorities in an increasingly connected world,” that showed many consumers are not taking proactive steps to keep their personal information protected from identity theft.

The identify theft protection features McAfee announced today include scanning the online black market and the Dark Web and then alerting users when their personal information is at risk.

McAfee also has a Social Security Number Trace, which delivers reports of known aliases and addresses tied to a users’ social security number so they can review them for potentially fake identities.

The credit monitoring feature sends reports based on lending and credit history and alerts users if there are any changes to their creditworthiness. It also has dedicated agents accessible around the clock.

The new D-Link AC2600 Wi-Fi router powered by McAfee provides consumers with automated security for devices on the home network. It features adaptable machine learning, parental controls, and protection for internet of things devices (such as Wi-Fi security cameras).

Peace of Mind

Peace of Mind
Shred Shop adds layer of security with HIPAA certification
Aisling Maki

Medical identity theft is the nation’s fastest-growing form of identity theft, with about 2.3 million cases in 2014 alone, according to Consumer Reports. If an individual’s health insurance is used by someone else for doctor visits, procedures, or procuring medications and devices, the ramifications can be costly and can destroy the victim’s credit. The patient can also be denied coverage if caps are reached, for example.

The Federal Trade Commission recommends consumers keep paper and electronic copies of their medical and health insurance records in a safe place and shred outdated health insurance forms, prescriptions and physician statements.

Many individuals and health care providers alike look to document destruction and secure storage professionals like Shred Shop of Memphis, 318 Collins St., for peace of mind.

Other industries that use Shred Shop to manage confidential information include law firms, accounting firms, government agencies, schools and small businesses. Customers can watch while their documents are weighed, shredded and baled for recycling.

“We try to fill a niche that the larger companies can’t do mainly because of their size,” said Brenda Allen Huff, who founded Shred Shop, an independent and certified woman-owned business, in the fall of 2005. “It’s very hard to take care of residential and the really small jobs. It’s just not cost effective for their big trucks and all. But we have done a six-pound pickup and we’ve done a 41,000-pound pickup.”

Huff said customers appreciate watching the destruction process, but with medical identity theft on the rise, she wanted to go the extra mile for her clientele in the local health care industry. This meant becoming formally compliant with the Health Insurance Portability and Accountability Act (HIPAA) of 1996, which provides data privacy and security provisions to safeguard medical information.

“I decided it was time we get the formal certification,” Huff said. “It wasn’t that we weren’t as careful as we could be before, but this allowed us the formal training – that extra layer of security.”

Shred Shop is a member of National Association for Information Destruction (NAID). Through her contacts there, Huff became aware of Tom Dumez of Prime Compliance – also known as “The HIPAA Man.”

Michigan-based Dumez is a certified security compliance specialist who provides consulting services to information destruction companies and their clients to help them in matters of HIPAA compliance. He usually trains companies larger than Shred Shop.

Huff was unable to locate a local trainer. Dumez’s services came with a sizeable price tag and required her to fly him from Michigan to Memphis, but Huff believed the HIPAA compliance training and certification would be beneficial for her many health care industry clients.

“It was quite a bit of money to have him come, but I think it was well worth it,” she said of Dumez, who provided a risk assessment and made suggestions for improvements to protect sensitive client information. Those suggestions include limiting exposure and fine-tuning chain-of-custody procedures.

“We’re taking anything he says seriously and trying to make those changes to reduce any risk of anything going wrong,” Huff said. “He provided the policies and procedures and he’s there – available to us to answer any questions throughout the year.”

Kelly Dobbins, president at Mid-South Drug Testing Inc., 950 Mount Moriah Road, said her company is required to store background checks for at least seven years. She relies on Shred Shop for its secure storage services and its hard drive removal and destruction services – a recent addition.

“A lot of people don’t think about their hard drives and the fact that they shouldn’t be giving their computers away to anyone unless you’ve removed that hard drive,” Huff said. “You could have all of your medical information on there, too, so it’s a dangerous thing to let a hard drive get out without being destroyed. People can make a lot of money off medical records. We’re trying to make it easier and cost effective for people to destroy that information, too.”

Dobbins, who has known Huff for about a decade, said that, as a small business owner, she prefers doing business with other local small business owners and she’s been pleased with Shred Shop’s services.

“Our documents at Mid-South Drug Testing contain confidential information,” Dobbins said. “We don’t want anyone to have access to our records, and being HIPAA compliant means the Shred Shop has taken yet another step in security. They will also be able to destroy files and hard drives in a manner that is complaint with HIPAA.”

Credit Freeze and Security Freeze

Regarding credit freezes, one must do so with each of the three. The below information is from each bureau to assist in understanding and also has on-line freeze request.

Experian
If you are 65 years of age or older the fee will be waived. To request a security freeze, log on to www.experian.com/freeze or send all of the following via certified mail to:
Experian Security Freeze
P.O. Box 9554
Allen, TX 75013

Include full name, with middle initial and generation, such as JR, SR, II, III, etc.; current mailing address and previous addresses for the past two years; Social Security number; and date of birth (month, day and year). In addition, enclose one copy of a government issued identification card, such as a driver’s license, state ID card, etc., and one copy of a utility bill, bank or insurance statement, etc. Make sure that each copy is legible (enlarge if necessary), displays your name and current mailing address, and the date of issue (statement dates must be recent). We are unable to accept credit card statements, voided checks, lease agreements, magazine subscriptions or postal service forwarding orders as proof. To protect your personal identification information, Experian does not return correspondence sent to us.

TransUnion
If you believe you qualify for a free Security Freeze due to your age, please send us verification of your date of birth with your Security Freeze request. Acceptable forms of verification include one of the following documents that show your date of birth: a birth certificate, driver’s license, state identification, or some other legal document indicating date of birth.

Mail:
TransUnion LLC
P.O. Box 2000
Chester, PA 19016

Equifax
The easiest and fastest way to place a security freeze on your Equifax credit file is via our online process found at the following link.
https://www.freeze.equifax.com

If you choose, you may also request a security freeze by calling our automated line at 1-800-685-1111 (NY residents please call 1-800-349-9960) or submitted your request in writing to:
Equifax Security Freeze
P.O. Box 105788
Atlanta, Georgia 30348

Please be sure to include the following:
– Your complete name including any suffix (e.g. JR., Sr., etc)
– Complete address
– Social Security Number
– Date of Birth

For your protection, please also send some proof of identification. See “Acceptable Forms of Identification for Verification”.

NEW MEXICO RESIDENTS 65 AND OLDER DO NOT HAVE TO PAY THE FEE TO FREEZE CREDIT.

Below is the relevant site for each of the three: Experian, Transunion and Equifax, as well as an FTC site with facts regarding freezing credit reports. In some instances you can freeze your information through on-line access. Or, you can send a letter requesting same.

https://www.transunion.com/credit-freeze/place-credit-freeze
https://www.freeze.equifax.com/Freeze/jsp/SFF_PersonalIDInfo.jsp

You’re Never Too Safe from Identity Theft!

Recent data breaches underscore the importance of protecting yourself.

MoneySmart
By Grace S. Yung

It would be difficult not to notice the growing number of data breaches affecting seemingly “secure” entities, including Anthem, Yahoo, JP Morgan Chase, and even the IRS.

While all data breaches are alarming, the recent Equifax hack—with almost half of the U.S. population affected—means the chances are good that criminals have at least some of your sensitive information.

When it comes to identity theft, one of the first questions people ask is whether they’ll be responsible for fraudulent charges.

Federal law caps your liability at $50 for unauthorized credit-card charges—and, depending on your card issuer, you may not be responsible for anything.

For debit/ATM cards, the amount of liability depends on how quickly you report the theft. If you report the card being lost or stolen within the first two days, you may only be responsible for $50. However, if you wait up to 60 days, you could find yourself responsible for $500—and if you wait more than 60 days, there is no limit to your liability. With that in mind, be sure to check your credit- and debit-card statements and report any evidence of fraud immediately.

After reporting suspected fraud, it is also important to place a fraud alert on your credit reports by contacting one of the three major bureaus—Equifax, Experian, or TransUnion. This is basically a “red flag” notifying creditors and lenders that they need to take additional steps to verify your identity before extending any credit. An initial fraud alert is free, and will remain in place for 90 days.

If your Social Security number has been compromised, be sure to contact the Social Security Administration. Even if the perpetrators haven’t moved forward with any activity, they could be planning to file a fraudulent tax return in the future.

Finally, if you become a victim of identity theft, you should file a report at your local police station.

In terms of proactive measures, identity-theft insurance can be a good way to monitor your credit and accounts, as well to restore your identity and mitigate financial damage if you become a victim. With most plans, the legal fees and other expenses directly associated with reclaiming your identity will be covered. Other common coverage includes lost wages due to time taken off from work to deal with identity theft.

The main carriers of identity-theft coverage include LifeLock, Privacy Guard, ID Shield (an affiliate of Legal Shield), ProtectMyID, and ironically, Equifax. Because coverage varies greatly, it’s recommended that you look at several options.

Although there is no way to guarantee protection from identity theft, there are several other steps you can take to prevent it, including:

• Changing your email and account passwords frequently;

• Having a two-step login/authentication on your email and other online accounts;

• Creating passcodes and adding emergency contact info to your mobile devices;

• Having a special email account for banking and other financial information;

• Changing the default settings on your Internet router;

• Installing a virtual private network (VPN) on your tablet, laptop, and/or other devices that you use in public places;

• Running anti-virus software on all devices;

• Not opening emails or clicking on links unless you recognize the sender;

• Having email and/or text alerts set up for your financial and credit-card transactions;

• Maintaining strong privacy settings on social-media accounts, and not posting your home address or information about when you are on vacation;

• Making sure that you back up all data on your devices in two places—a physical, external hard drive, and in the cloud;

• Putting a security freeze on your credit files with the three major credit bureaus;

• Regularly checking your children’s Social Security numbers to ensure no one is using them;

• Setting up automatic updates for your online programs and apps.

To learn more about protecting yourself from the growing threat of identity theft, talk with a professional who can provide you with guidance and resources. It can be well worth it to put protective measures in place, because when it comes to your personal information, you can never be “too safe.”

This article appears in the November 2017 edition of OutSmart Magazine.

A Warning About Your Boarding Pass!

WARNING
You should be very careful with your boarding passes for flights. The bar code on the pass can be used by identity thieves to obtain your personal and frequent flyer account information. You should retain these boarding passes until you are in a position to shred or otherwise destroy in a complete manner.

What Do You Know About Wire Fraud?

What Do You Know About Wire Fraud?

What Do You Know About Wire Fraud?What is wire fraud?

Wire fraud is an act of fraud that uses electronic communications, such as making false representations on the telephone or via email, to obtain money.

How does wire fraud work?

Wire fraud occurs when a fraudster obtains money based on false representation or promises.

For example, you may receive wire instructions which appear to be from the settlement agent or attorney, when in fact they are from a fraudster.

Recommended precautions to protect yourself from WIRE/ACH Fraud:

 Do not share your online banking logon credentials (user ID and password) with anyone.

 Do not share your account number with anyone who does not need it.

 Never access your bank account using a public computer (e.g., at the library or a hotel business office)

 Monitor your accounts regularly for unauthorized transactions.  Report any unauthorized transactions to your bank immediately.

 Be suspicious of emails from free, public email account domains as they are often a source of risk.

⇒  Watch out for phishing emails with embedded links, even when they appear to come from a trusted source.

⇒  Install a firewall on your computer to prevent unauthorized access.

⇒  Be skeptical of any change in wiring instructions.

⇒  Confirm wire and other disbursement instructions received by email via confirmed telephone at a known or independently-confirmed number, not the telephone number at the bottom of the email.