by Brian Thompson | Dec 8, 2022 | Breach, Identity Theft
Gift card fraud rises during the holidays every year. So many of us love buying and using gift cards as gifts. They are practical, simple to purchase, simple to use, and simple to give as gifts. They typically let the recipient choose exactly what they want, and they are frequently given as rewards for actions.
According to estimates, the market for gift cards is worth hundreds of BILLIONS of dollars. Nobody dislikes receiving a free gift card, right? BUT, gift cards are unfortunately frequently used by con artists to defraud their victims of money.
There are many ways gift cards can be used by scammers, here are the top three, as noted by KnowBe4:
You Have to Use Gift Cards to Pay a Bill
One very typical scam involves a potential victim being contacted by someone, usually via voice call (although it can also be done via text message or email), and being informed that either their regular payment to a reliable service has been declined or that there is a new emergency charge. A good illustration of the former is when a con artist calls pretending to be the victim’s electric company. They will claim that the victim’s regular electricity payment was rejected and that unless they visit a store and pay the bill with gift cards, their electricity will be turned off in a matter of hours. Who would use gift cards to pay their electricity bill? You would be shocked. A who’s who of medical professionals, attorneys, and even law enforcement. People who previously thought they were too savvy to get scammed are often on the victim list.
A good illustration of the latter scam is when a caller pretends to be from the IRS or law enforcement and informs the victim that they owe an unpaid fine and that they will be arrested if they don’t pay right away. Who would think that the police or the IRS would take gift cards as payment for a fine? Once more, a higher proportion than you might guess.
How can you avoid this scam?
There is a very high chance that a request for an emergency payment is fraudulent, especially if it involves gift cards. If the caller is willing to provide their contact information, you can take it. If you ask them for their contact information, they typically hang up the phone immediately. In either case, get in touch with the company. Using a known phone number or email address and inquire about how to confirm the request’s legitimacy. The legitimate company will put you in touch with their billing department so you can confirm the request and pay the bill if it is genuine.
Gift Cards That Have Been Maliciously Modified in Stores
In this scheme, thieves steal department store gift cards, discover their personal PIN numbers, and then put them back on the shelves where a victim will find them. The fraudster can frequently spend the value of the gift card faster than the victim when the victim purchases the previously tampered with card and activates it. To find out when the gift card is activated and how much money is still on it, the fraudster can repeatedly call the store’s gift card number.
How can you avoid this scam?
When you purchase a gift card, check to see if it has been tampered with in any way. Choose gift cards from the bottom of the stack; this is not foolproof but may help. Most major retailers who use gift cards are aware of these scams, and many will you to guard against them. Some of them may even offer to reimburse you if you lose money.
“Win a free gift Card!”
This is a huge scam, particularly during the holidays. It’s a common gimmick to offer “Win a free $100 Amazon Gift Card!” Either you are required to download and run a file to “transfer” the gift card to you, or they will request personally identifiable information from you, such as your social security number or bank account information. There are thousands of legitimate circumstances where anyone can win a free gift card, which makes this particular phishing scam effective.
These scams can be easy to recognize because, despite the fact that they purport to be from a well-known, reputable company, the gift card URL, phone number, or email address is not from that company. Instead, they appear at random in emails or texts. But, again, this can be challenging because many trustworthy businesses hire outside contractors to handle their real free gift card distribution. It’s possible that the URLs, phone numbers, and email addresses you see don’t correspond to the actual, legitimate vendors.
When the offer is simply too good to be true, it more than likely is.
There are tons Gift Card Frauds During the Holidays. It’s typically a scam if someone contacts you and demands that you use a gift card to pay a bill. Simply ignore them if you can’t positively, unquestionably confirm that the gift card reward or request is legitimate or that a card hasn’t been tampered with. A $100 gift card is not worth the risk of losing your bank account and personal information.
Here is some guidance from the FTC regarding gift card fraud.
by Brian Thompson | Sep 22, 2022 | Breach, Identity Theft
So we hear ads about Identity Theft Protection pretty much every day now. But what’s ID Theft Protection, and what is the benefit?
Why should you care?
Because this is happening every day to people you know…causing stress, anxiety, problems at work and with family, and sleepless nights!
First, identity theft is not entirely avoidable, but there are things you can do to protect yourself. An Identity theft protection service can alert you to potential fraud and restore your identity if it gets stolen.
Identity Theft providers do the hard work for you. They do this by searching for your personal information on the dark web, social media, and other databases that can indicate bad actors have your information. Victims who are protected with an Identity theft protection program can turn to recovery advocates. Recovery advocates work for the provider and are specialists in Identity Theft Recovery services. The advocate will take over and complete tasks on behalf of the victim to ensure all concerns and steps are taken care of properly. Many services also offer insurance that can offset legal fees and other expenses related to restoring your identity.
What is identity theft protection?
Identity theft protection services monitor websites and databases for signs of your personal information, such as your social security, driver’s license number, medical ID, and bank account numbers.
When the provider finds your information where it should not be, they will send an alert suggesting a variety of actions. Monitoring will include a variety of places including sources such as, but not limited to:
- Dark web
- *Credit Monitoring
- Social media
- Change of Address Monitoring USPS
- Home Title Changes
- Court Records
- Utility, cable, or wireless services
- Payday loan applications
- Public Records
*Many identity theft protection services also include credit monitoring features. This generally provides notifications when credit is pulled and for changes to your credit report. Changes such as an increase in a credit card balance or a new account opened in your name, can indicate fraud.
And if your information is compromised, identity theft protection services kick in and help you resolve the issue. Most providers also include identity theft insurance, which offers up to $1 million for eligible expenses associated with resolving and restoring your identity, plus assistance from experts.
Buy or not to buy?
Identity theft protection services provide “Peace of Mind with a Place to Turn”. They help you detect fraud early, making it easier to stop the damage before it becomes an even bigger headache. These services are not free but they are a proactive solution to securing your personal information.
Before you sign up for one of these services, take time to understand how these services work to spot fraud and help you restore your identity. Just like in any industry, not all programs are the same. Pay close attention to the Recovery aspect of the service specifically!
Mitigate, Insure against losses, and be a resource when identity theft happens. The peace of mind comes with a nominal fee. Ask your employer if they offer Identity Theft Protection as an employee benefit!
by Brian Thompson | Jul 20, 2022 | Breach, healthcare, Identity Theft
Do healthcare breaches and Medical ID Theft go hand in hand?
I first want to refer back to an article from about two years ago titled Telehealth Creates Creates Cyber Risks. In the article, I stated that “the COVID-19 pandemic has increased consumer risks through cyber scams and medical identity theft.”
Fast forward one year to August 4, 2021 article titled Healthcare Data Breaches Most-Common Threats to Date in 2021. The article states, “the healthcare sector is once again in the top position as the most breached economic sector” and “healthcare has been at or near the top of the (data breach) chart since at least 2017.”
And again this year, we have seen the trend continue. Hackers hit health companies, insurers with increasing regularity – Inside
But Why Medical Records?
A primary reason ID theft criminals and cyber thieves target healthcare providers is the Electronic Health Record or EHR. EHR is the collection of patient information into a digital record. EHRs significantly improve administrative efficiency and medical proficiency through shared networks and exchanges.
A typical EHR includes
- medical history,
- medications,
- allergies,
- immunizations,
- laboratory test results,
- and radiology images.
Your EHR also includes your
- billing information such as personal information (e.g. date of birth, home address, and Social Security Number),
- insurance information,
- and financial information (e.g. credit card number).
Unfortunately, ID theft criminals and cyber thieves are mostly interested in your personal, insurance, and billing information. For this fact alone, healthcare data breaches continue to be “in the top position as the most breached economic sector.”
Things to Think About
Every health insurance plan you have ever had has your and your family’s Social Security Number (SSN). Almost every healthcare provider (such as a doctor of medicine or osteopathy, podiatrist, dentist, chiropractor, clinical psychologist, optometrist, nurse practitioner, nurse-midwife, or clinical social worker) that you or a family member have been to has your Social Security Number.
So back to the title of this article – Do healthcare breaches and Medical ID Theft go hand in hand? – the answer is a resounding YES based on the Personal Health Information or PHI that is collected, stored, and transferred through your Electronic Health Record.
To make matters worse, this article titled Organization Wide PHI Access is Commonplace at Most Healthcare Orgs reported that “nearly 20 percent of (PHI) files were open to every employee at a given healthcare organization starting on their first day of employment, pointing to troubling data security issues and poor PHI access controls.”
Based on the fact that cyber thieves are stealing healthcare data and are finding new ways to monetize phishing (fraudulent emails), vishing (fraudulent phone calls and voice mail messages) and smishing (fraudulent text messages), consumers need to pay attention to data breach news in general and healthcare data breach news in particular.
To conclude, consumers can also reduce their risk of medical identity theft by safeguarding their health insurance cards, and regularly reviewing credit reports, medical benefit explanations, medical bills, and prescription bills.
by Brian Thompson | Jun 29, 2022 | Breach, Identity Theft
Whether you are a consumer or a small-business owner Identity Theft should be top of mind. Protect yourself and your business by using these 10 tips to reduce your risk of identity theft.
First, what is Breach Fatigue or Alarm Fatigue?
Alarm fatigue is when we get desensitized to safety alerts and as a result, ignore or fail to respond appropriately to warnings. Breach Fatigue however is more specific. It’s when small business owners and consumers start to ignore the headlines of identity theft and data breaches. Fatigue desensitizes both business owners and consumers to be less likely to proactively protect themselves against the risks of identity theft.
Be proactive and prepared with these 10 Tips
Being proactive and prepared can reduce your exposure to the risks of identity theft.
Personal privacy
- Be more vigilant and hands-on with your personal-privacy settings. Also, be aware that most apps lack basic security defenses and create some sort of privacy issue.
- Stop ignoring terms and conditions. Read, understand, and use privacy settings and be diligent about your social networking. Beware of fake accounts unless you want to be a partner in your own identity theft.
- Protect your vehicle documents as if they were cash and regularly check for unusual activities after purchasing a vehicle.
- Read and understand the privacy policies of every organization you have a relationship with. Know how your information is protected, saved, analyzed, sold, and/or disclosed.
Identity theft
- Synthetic identity theft and fraud is an emerging threat. Check your credit-bureau report quarterly at no cost through annualcreditreport.com.
- No password is “unbreakable”. Do not make it easy for identity theft criminals by using weak passwords, or the same passwords.
- The best defense against phishing is to be aware that it happens every day. Assume you are being “phished” until you verify the source of an unexpected e-mail or call.
Cybersecurity
- Businesses need to understand that a data breach is inevitable. Your business profits, brand, and reputation depend on your data-breach response plan.
- Create a data breach response plan to safeguard your business against insider threats. Conduct pre-employment background screening, regularly test your business and information-security access controls, and regularly review your data retention policy.
- Cyber insurance may be a good option to help your business minimize today’s cyber-risks. Work with your insurance broker to determine your cyber-risks and the best coverage for your organization.
“the best defense is a good offense”. This strategic principle used in business, sports, and military combat for years and is very relevant for this discussion.
Protect yourself and your business by using these 10 tips to reduce your risk of identity theft. Because being proactive instead of having a passive attitude (e.g., breach fatigue) will help both small business owners and consumers be better prepared against everyday threats.
By Mark Pribish
Practice Leader, Identity Theft and Data Breach Services
by Brian Thompson | Apr 20, 2022 | Breach, Identity Theft
by Brian Thompson | Feb 9, 2022 | Breach, Identity Theft, Uncategorized
Two years ago I wrote an article asking the question Is Your Digital Identity Safe? Two days ago I read an Infosecurity Magazine article stating Identity Theft Will Get Worse. It appears that Hackers are coming after you in 2022!
Specific to your digital identity and today’s threat landscape for consumers and small businesses, cyber thieves and ID theft criminals have evolved to the point where hacking and data breaches will happen at any time and can affect anyone.
As for the statement “identity theft will get worse,” the fact is that 2021 surpassed the all-time record for data breaches exposing the Personally Identifiable Information (PII) of millions of Americans.
As a reminder, examples of PII include:
- Name: full name, maiden name, mother’s maiden name, or alias
- Personal identification numbers: social security number (SSN), passport number, driver’s license number, taxpayer identification number, patient identification number, employee or student identification number, financial account, or credit card number
- Address information: street address, or email address
- Telephone numbers
- Personal characteristics: photographic images (particularly of face or other identifying characteristics), fingerprints, or handwriting
- Biometric data: retina scans, voice signatures, or facial geometry
- Information identifying personally owned property: VIN number or title number
- Asset information: Internet Protocol (IP) or Media Access Control (MAC) addresses that consistently link to a particular person
And now our digital world, combined with a two-year pandemic, has consumers and small businesses worried. There is so much uncertainty in our world and cybercriminals, and their new scams are adding to the challenge.
Consumer?
If you are a consumer, recent digital risk examples making today’s headline news include How to avoid buying fake Covid tests online and BBB warns consumers of hackers posing as apps like Paypal and Venmo to steal your money.
Cyber thieves and ID theft criminals depend on human nature and emotion such as an individual’s tendency to trust others (e.g. phishing and vishing) and desperation (e.g. the chaos of supply chain shortages such as Covid-19 tests). These phishing and vishing tactics and fake websites have gained attention in recent weeks over the increasing number of identity theft victims.
Small Business Owner?
If you are a small business owner – trusting others and desperation are common risk factors just like a consumer – but it gets worse as Cyber risks top worldwide business concerns in 2022.
According to the just-released 12th Annual Allianz Risk Barometer Survey, cyber incidents at the top of the list. This is only the second time cyber has been at the top of the list in the survey’s history.
Cyber incidents, ransomware attacks, data breaches, or major IT outages worry businesses more than anything else. They worry businesses even more than a business interruption, supply chain disruption, or the COVID-19 pandemic.
To conclude, cyber thieves and ID theft criminals continue to find new and innovative ways to steal your personal information.
Both consumers and small business owners need to keep security education and awareness top of mind. Protecting our digital identities is crucial because hackers are coming for you in 2022.
Mark Pribish
