Identity Theft Prevention

Avoiding Common Pitfalls

The IRS Scam Phone Call

During tax season, and most recently even during the summer months, there is often a surge of scam phone calls regarding delinquent tax payments, outstanding debt, or other such emergencies.  The United States Internal Revenue Service published this article on its website warning taxpayers not to fall for these tricks:

https://www.irs.gov/uac/irs-warns-taxpayers-of-summer-surge-in-automated-phone-scam-calls-and-requests-for-fake-tax-payments-using-itunes-gift-cards

 

RFID Chips in Credit Cards

With the introduction of services like Apple Pay, retail stores now allow you to pay by "swiping" your mobile device in front of a special reader.  Prior to this, credit card companies introduced an easy pay system in the form of a credit card embedded with a special microchip that transmits your information and arranges the payment transaction.
Examples of companies that use RFID (Radio Frequency Identification) include MasterCard (PayPass) and Chase (Blink), with several more in operation.  While convenient, there are drawbacks in that the chip is an active transmitter, and the radio waves, though only able to travel a short distance, can be captured if an ID thief wanted to do so.  The video below demonstrates just how this is done.  (courtesy YouTube / Inside Edition)

 

General information about PHISHING scams

There is a growing scam known as phishing (pronounced ‘fishing’).  It initially became prevalent with the introduction of AOL in the 1990s and basically refers to any way in which an unscrupulous individual tricks someone into giving them their password or other personal information.

The most common form used today is an e-mail which appears to come from a bank or financial institution.  This e-mail looks EXACTLY like the communications which you may receive from your bank, but actually redirects you to an EXACT replica of your bank’s site which is run by hackers.  To aid in the scams, some of the messages even say things like “You need to verify your account information to protect against identity theft”.  If you were to follow the instructions and input your account information, there would be a very good chance of having your identity stolen.

Here are some tips to prevent this type of fraud.

  • Do not click on links in e-mails which appear to come from financial institutions or which request personal information.  If you use Internet banking sites, manually type in the address given in the print literature you received from the institution.  You can then make a bookmark or favorite for future use.  Only use this method for accessing the site and make sure that the address is entered correctly with no misspellings.
     
  • It does not hurt to enter your correct username and an incorrect password once.  If you are truly connected to your financial institution’s site, it will recognize the fact that you provided an incorrect password and reject your connection.  If the site is operated by hackers, it will accept the incorrect password and allow you to continue.
     
  • Make sure that you have up-to-date virus protection software (e.g. Symantec or McAfee).  It is also good to run a spyware removal tool such as Spybot (available free at http://www.safer-networking.org) on a regular basis.

For more information on phishing, please refer to the Federal Trade Commission:  http://www.ftc.gov/bcp/edu/multimedia/ecards/phishing/

You may also visit the following link for additional tips: https://www.comparitech.com/blog/information-security/how-to-spot-a-fake-spoof-or-phishing-email

 

THE TECHNICAL SUPPORT COLD CALL IS BECOMING A MAJOR PROBLEM!

Some companies have been taking advantage of "phone tech support" to scam users into giving out their personal information or remotely controlling their PC.  For example, you might get a call from a person claiming to be support for the Windows Operating System.  He then proceeds to take you through the process of looking through your computer's error logs, and relating them to virus-like activity, when in fact such errors or warnings don't always relate to a virus.

While we also use Remote Access software, we will always confer with a client via other means before deciding to set up a session.  The user also has the ability to cancel the session at any time.

Watch a typical "scam" unfold in the video below, courtesy of a real Microsoft Certified professional, Troy Hunt.  He sets up a computer specifically to have a support company 'fix' it, noting that there were NO actual problems on the PC.

If you want to see another example of a scammer caught in their tracks by Mr. Hunt, you can check out the video on YouTube and related blog post:

http://www.youtube.com/watch?v=kjKjyMKj3n4

Remember that Ruggiero AV Services will never cold-call a consumer for a support issue; our corporate customers are the exception since we do monitor key systems as part of our service with them and will issue alerts when required.


AND THE PASSWORD IS . . . ? 
Long, complex, yet easy-to-remember passwords are the key to a personal "security system" both online and offline.  The general rule of thumb is that passwords should not contain dictionary words, but they SHOULD contain a mix of letters, numbers, and symbols, and be at least 6 to 8 characters in length.  Here are two websites that allow you to check your password; the first is a general "strength meter", while the second focuses more on the obscurity of the password, and lets you know how long it would take to "crack" it under different scenarios.  How secure is your password?

COMPARITECH - PASSWORD STRENGTH CHECKING
https://www.comparitech.com/privacy-security-tools/password-strength-test/

GIBSON RESEARCH CORPORATION - PASSWORD HAYSTACKS
https://www.grc.com/haystack.htm
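
The rule of thumb above can be checked locally without typing a password into any website. The following is an added example, not code from this page or from either site listed: it applies the three rules (length, character mix, no dictionary words) and estimates the worst-case time to try every combination. The word list, the guess rates per scenario, and the count of 33 symbols (printable ASCII punctuation plus space) are assumptions chosen for illustration.

```python
import string

# Constructed sample word list standing in for a real dictionary (assumption).
SAMPLE_WORDS = {"password", "dragon", "monkey", "letmein", "summer", "welcome"}
MIN_LENGTH = 8  # upper end of the page's "6 to 8 characters" rule of thumb
CLASS_SIZES = {"lower": 26, "upper": 26, "digit": 10, "symbol": 33}
# Assumed guess rates in guesses per second; illustrative, not measured.
SCENARIOS = {"online": 1e3, "offline": 1e11, "cracking array": 1e14}
# Undo common look-alike substitutions before the dictionary check.
UNLEET = str.maketrans("0134@$5", "oleaass")


def char_classes(password):
    """Return the character classes (lower, upper, digit, symbol) in use."""
    classes = set()
    for ch in password:
        if ch in string.ascii_lowercase:
            classes.add("lower")
        elif ch in string.ascii_uppercase:
            classes.add("upper")
        elif ch in string.digits:
            classes.add("digit")
        else:
            classes.add("symbol")  # punctuation, space, anything else
    return classes


def search_space(password):
    """Count all strings up to this length over the alphabet actually used."""
    alphabet = sum(CLASS_SIZES[c] for c in char_classes(password))
    return sum(alphabet ** n for n in range(1, len(password) + 1))


def check(password, words=SAMPLE_WORDS):
    """Return (rule violations, worst-case seconds to exhaust per scenario)."""
    problems = []
    classes = char_classes(password)
    if len(password) < MIN_LENGTH:
        problems.append("too short")
    if not (classes & {"lower", "upper"} and {"digit", "symbol"} <= classes):
        problems.append("missing letters, numbers or symbols")
    folded = password.lower().translate(UNLEET)
    if any(word in folded for word in words):
        # A guessable word falls to a dictionary attack long before the
        # brute-force times below, so those times are an upper bound only.
        problems.append("contains a dictionary word")
    space = search_space(password)
    return problems, {name: space / rate for name, rate in SCENARIOS.items()}
```

Calling check("P@ssw0rd1") reports a dictionary word even though the password meets the length and character-mix rules, because the substitutions are undone before the word list is searched.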


Easier Than You Think?

The majority of information on this page deals with methods of preventing or removing malicious computer programs or websites that are designed primarily to harvest your personal information -- from finding out where you like to surf on the Internet and your personal online shopping habits, to the actual account information linked to your bank and credit cards.  Most of the time, these websites work because they rely on "social engineering" - the fact that you trust a name like eBay or the company associated with your credit card makes the websites associated with those organizations easy targets for spoofing.  Besides the "new rules" for keeping your information safe online, there have always been traditional rules that come into play when dealing with personal, private information, and performing tasks associated with that information.  An example of what NOT to do follows...

One afternoon in February, 2006, I was riding a public bus, and a lady was sitting behind me on her cellular phone.   She was speaking quite loudly, and although there was a general din of conversation among the other passengers, her voice was easily heard and understood, at least to a person sitting directly in front of, behind, or even next to her.  Apparently, this woman's regular land-line phone had been turned off, and she was speaking with the phone company in an attempt to get it re-activated.  I was actually only half-paying attention to her conversation, BUT my ears perked up even more when she asked if she could make a payment right then and there.  You can probably guess what came next.  All at once, this lady (whose name was Daphne) proceeded to give her debit card number, personal PIN number or password, and a home address to the person on the other end of the line, seemingly unaware that she was also vocally broadcasting that information to anyone in earshot!  I am sure she could have waited until she was in a more private location before she rattled off her private account details to the customer service representative and thus the majority of the passengers on the bus. 

Believe me, I am NOT the kind of person who would use that kind of information, and frankly my brain has more important things to remember - by now I have pretty much forgotten whatever details were exchanged.  But the fact remains, another more unscrupulous person COULD have taken note of everything she said verbatim, and used that information to do some serious damage.  So again, along with the rules of cyberspace, we have the rules of public space... DON'T REVEAL PERSONAL INFORMATION IN PUBLIC.  Keep personal account numbers, PINs, and passwords completely private.  And if you MUST speak on a cellular phone with someone who requires personal information, make certain you are in an area where you will not be overheard.

Daphne, I hope you are safe on Salem Road!

 

ADDENDUM: THE FUNNY SIDE TO IDENTITY THEFT?

In 2006, Citibank promoted its identity-theft solutions on television.  It is fantastic that a company is taking such an active role in monitoring customers' accounts, and providing real-time assistance in the case of problems.   I have made use of their services and have been notified by their automated early-warning systems when I charged a large purchase or several small ones in succession.  Also, although most may disagree, and the sheer act of identity theft remains a big problem, I think it is great that Citi has chosen to approach their ads with a bit of humor.  Check out a sample of their 2006 ad campaign.