Thu, Nov 15, 2018

Identity Theft and Cyber Scams for the 2018 Holidays

Ho Ho Ho….. Oops!

While you and I think about the countdown to Christmas and other end-of-year holidays, computer criminals are also thinking … about how to hack our accounts and create scams that pay for their holiday presents. Here are some of the latest scams.

Frequent Flyer Follies

There are billions of unused frequent flyer miles out there from domestic and international airlines. You may protect your bank account by checking it regularly for unusual transactions, but how often do you check your frequent flyer accounts?

Most people don’t fly enough to accumulate huge balances, but cyber criminals are all about grabbing what they can. They consolidate miles from legitimate accounts into newly minted accounts, from which miles can be sold on dark web marketplaces. These thieves are experts in the airline’s rules for mileage transfers. They sell the miles (which they can transfer into an account controlled by the buyer) for a lot less than the airlines would charge you.

It’s unlikely that the miles would be used for tickets because of the problem of having identification. However, frequent flyer miles can be used for ordering merchandise and getting discounts from program partners.

Beware of Booking Scams for Holiday Rental Properties

If you are traveling for the holidays and renting an Airbnb or using another property rental service, please verify the legitimacy of the company before you book and submit payment. You may not have a place to stay when you reach your destination!

Scammers Continue to Improve Their Email Spoofing Skills – Think Twice Before You Click 

Consumers are constantly being tricked into giving up their personal information. As the holidays are a hectic time of the year, it’s even easier to get distracted and fooled into clicking on a link in an email that looks to be from a trusted online store, bank or retailer. This is especially likely to occur if you are ordering the majority of your gifts online and receiving multiple shipping confirmation emails and offers for discounts during the holidays.

No, It’s Not Your Neighbor Calling to Sell You a Home Solar Power System

You get a phone call on your home or mobile phone. The calling number is not only in your area code, but the first three digits are also the same as yours. It must be from a neighbor, right? Nope. It’s most likely originating in an overseas call center and the caller wants to have a heart-to-heart talk about installing solar panels on your home, or giving you a better credit card, or those viruses that the caller’s company has found on your computer.

Of course it’s actually a call from international cyber criminals (and marketers) manipulating the phone system to put the number and name of a neighbor in the caller ID of your phone, making it more likely that you’ll answer. Some consumers have reported getting phony calls that appeared to come from their own phone number. Whatever it is callers are selling, why would you even consider doing business with an organization that has to falsify its caller ID to contact you? People fall for this every day. Don’t you be the next victim!

Arrest Warrant Notification by Robocall? Not Likely!

Scammers use robocalling methods to leave a recorded message claiming to be law enforcement on a consumer’s voicemail. The scammers state that there are several warrants out for the consumer’s arrest and to call a particular phone number to rectify the issue immediately. The scammers then demand payment to make the warrants and subsequent jail time go away.

Before You Install That Bank App on Your Phone, Be Sure It’s Really From Your Bank

There have been a number of recent cases in which unsuspecting consumers downloaded an app for their smartphone that appeared to be the official banking app of the bank that they use. But it wasn’t. Rather, it was a clever fake app created by hackers. When you install and run it, you give the app your banking information (account numbers, passwords, PIN numbers, etc.) for which the app thanks you. The information provided is immediately sent to the criminals who use it to loot the account, charge things to credit cards, apply for credit at other banks and any other crimes they think might bring them money. Think before you click. Find out if your bank actually has an app, and exactly how to get it. Beware of substitutes!

Of course, the good old standby frauds still are holiday favorites of criminals:

Gift Card Scams

Criminals actually steal zero-value gift cards from store displays. They take the cards, copy the card numbers, scratch off the material covering the security code, replace it with a new security sticker and sneak the cards back to the store. They check the card numbers every day, and when you buy the card and give it a value of $100, the criminals will see that and, using the card number and security code they copied down, spend all of the money you meant as a gift. Look before you buy!

It is best to get a card that hasn’t been on a display – sometimes you can ask for one. Look at it to see if the card packaging seems to have been opened or the security sticker covering the security code seems off center, crooked or covering something else in addition to the security code. Also, when you buy a gift card, give it to the recipient as soon as you can and ask them to spend it quickly. Those actions can’t provide 100% protection, but they will reduce your chance of becoming a gift card scam victim.

Online Charity Scams

Certainly, it’s wonderful of people to think about and be concerned with people in need at the holiday season. But be sure that you’re donating to an actual charity and not a scam. We see the same scams occurring whenever there is a natural disaster, with criminals setting up great-looking websites of purported relief groups and sending out hundreds of thousands of emails soliciting your charitable help. But the charity turns out to be the criminal’s pocket. Deal with reputable charities and make sure you’re at their official website and not a similar sounding fake.

Government Agency Impersonation Scams

Scammers will call consumers claiming to be the Social Security Administration or the Internal Revenue Service threatening jail time or legal action for failure to pay taxes or a “suspension” of a Social Security number. In order to prevent these terrible things from happening, just send a payment and the issue will go away. Please know a government entity will never call a consumer for these reasons.

‘Tis the Season to Think About Tax Return Scams

As soon as the IRS is ready to process tax returns covering 2018, you can be sure that cyber criminals will be filing false returns seeking refunds from your IRS records. Because the IRS uses a first-filed system for determining which of multiple returns associated with a Social Security number to process, the scammers know that it’s the early bird that catches the stolen refunds. Try to get your returns in as early as you can. Also, if you think there’s a problem (like the IRS notifying you that you already filed your return, or seeking payments based on income you never received), you should notify the IRS immediately since you’ve probably been the victim of a tax return scam. This problem has become so prevalent that the IRS actually has a specific form to use to report tax return identity theft – Form 14039.) You should also notify the major credit bureaus and file a report with the FTC.

“Tech Support” Scams

This occurs where the scammer remotely accesses a consumer’s computer then claims to be a legitimate software provider. The scammer states there is a virus on the computer and only needs a few hundred dollars to fix it. The consumer in turn gives full access to their system and payment information to the caller. These scammers typically prey on the elderly and also use high-pressure tactics and create a false sense of urgency.

Stay Alert

At a time when distractions abound, remember: Stop, closely examine, and think before clicking on any links and answering/replying to calls that we have described in this article. We hope you will take this list and check it twice as you watch out for the cyber scammer coming to your town (and inbox and voicemail) this holiday season.

Cyber Risk

Incident response, digital forensics, breach notification, managed detection services, penetration testing, cyber assessments and advisory.