by Brian Thompson | Jan 24, 2022 | Identity Theft
“I didn’t know Agents offer Identity Theft Protection?”.. this is a statement I often hear when we tell people about identity theft protection as an employee benefit.
Most of our partner agents say that many of their clients are unsure of how they are exposed to cybersecurity losses, what cyber services are available as part of an ID theft protection program, or that they underestimate the threat. Also indicating that they just didn’t know Identity Theft Protection was a benefit they could even offer!
If we are serious about protecting our clients and their employees we need to first understand why we as agents need to offer this service in the first place.
The Problem Your Clients Already Face
The reality is that employees are already getting their information stolen and it is impacting employees. We get it though, the costs of benefits seem to constantly increase, and running a business is getting more and more expensive. BUT employers are already paying the price of identity theft due to absenteeism and lost productivity from employees who have had their identity stolen.
*Impacts of ID Theft on Employees:


Realities of Identity Theft – Article
The Solution you have for clients
Identity theft protection can be a simple, low-cost, high-value solution. A solution that will protect the company and its employees from the impacts of identity fraud. Businesses Struggle with Rising Costs of Identity Theft – Article
But what does it do for you as an agent?
Yes, all of the things listed above are great reasons alone to offer the program. But, offering identity theft protection solutions as an agent can do many things for you and your business.
Our goal at defend-id is, yes to provide peace of mind with a place to turn for employees, but also to give you a simple solution to an ever-growing problem.
We want to provide you with another line of business to increase retention which increases revenue and recurring revenue for more years to come.
And we want to give you a new reason to reach out, to market your services with new clients or with clients you may have lost in the past – get your foot in the door and add other lines of business.
“I didn’t know Agents offer Identity Theft Protection?”.. this is a statement we do not have to hear. We, who have an opportunity to protect our clients further, can help protect our clients. We can turn this question around, “Did you know we offer identity theft protection as an employee benefit?” Now we are ahead of the curve, offering the best, timely products in the industry. Let us help you get there, it is simple to get appointed and easy to enroll your groups!
Become an appointed defend-id agent today!
*ITRC’s Aftermath Report
by Brian Thompson | Dec 9, 2021 | Breach, Identity Theft
The last two years have created an opportune environment for bad actors ensuring the Cyberdemic will continue into 2022.
As we continue to migrate our lives into the digital world with remote workforces and comfort we increase cybercriminals’ opportunity for attack. This year we have seen a significant shift in the focused attacks on supply chains, home networks, and a gigantic increase in healthcare breaches.
In its latest Data Breach Industry Forecast released Monday, Experian has 5 predictions that underscore the ongoing impact of the pandemic on cybersecurity. Criminals will continue to focus on the remote workforce, the healthcare system, and will begin to narrow their targets to exploit the weakest technologies.
5 Breach Trends for 2022
- Remote Workforce
Those working from home will certainly be targets for those looking to hack into your business. According to the report, home wireless networks are more vulnerable than business VPN’s. Businesses will need to focus on securing employee connections and education.
- Infrastructure
Biden’s infrastructure bill and the trillions of dollars approved by Congress will be a target. Electrical grids, dams, and transportation networks will be heavily targeted by foreign and domestic cybercriminals. Criminals will likely be looking to target funds at disbursement by using phishing and CEO fraud.
- Digital Assets
Cryptocurrencies and NFT’s (Non-Fungible Tokens)– will become greater targets for hackers as they gain more popularity. As we begin to understand and accept these assets as normal and useful, so will the criminals. Chances are, they are just waiting to realize their worth and inevitability.
- Natural Disasters
Natural disasters often bring out the best in those doing their best to help. People will donate to organizations that aim to give aid and help those who have been affected. Criminals will take advantage of our distress and target charitable giving by phishing and masking themselves as the organizations we trust. To complicate things further, supply chains will be broken and unreliable, making important emergency goods difficult to source… another vulnerability that hackers will exploit.
- Gambling
As more and more states are legalizing gambling, phishing scams will target the growing online gambling community. Common scams will include stolen credit card information, account hijacking, or creating sites that appear to be legitimate casinos.
The Identity Theft Resource Center reports that there have been 1,291 breaches in 2021 as of September. There were 1,108 in all of 2020, which is a 17% increase in just three quarters of the year.
The past two years have caused so many disruptions in our way of living and working but we need to increase our personal and professional focus on privacy. As a result, the Pandemic has created an abundance of opportunities ensuring the Cyberdemic will continue into 2022.
by Brian Thompson | Nov 17, 2021 | Identity Theft
The pandemic is proving to bring the expected Unemployment Benefits Fraud & ID-Theft increases predicted by experts.
There were indications early on that there would be a problem with an increase in fraud during the pandemic. As with most issues of mass concern comes the opportunity for bad actors to take advantage of the system and people. With COVID-19 we have seen exactly that, an increase of fraud at epic levels.
Have you been a target?
The phone rings, “Hi Jane, this is Bill calling from XYZ Auto Warranty. I see that your auto warranty has expired and I was calling to see…”. Or have you received a debit card in the mail that you never applied for? Have you gotten a letter asking for additional details for the unemployment application that you never filed?
If any of these have happened to you, you are likely a target.
But why an increase in unemployment fraud?
Unemployment benefit fraud during the pandemic provided the bad guys a huge opportunity. That said the problems that actually cause the increase of fraud have not changed and will not go away because the special COVID benefits have ended. State systems buckled under the weight put on them by the tsunami of layoffs. States had to process millions of applications, including new program applications established by the CARES Act.
Yes, the rate of layoffs and new applications for unemployment have slowed down. But the rate of fraud attempts have not slowed down, and have unfortunately slowed down legitimate claims. The defend-id recovery team, who assist identity theft victims, indicate that they are still receiving daily calls about unemployment fraud. In some instances, they have lost their job and applied for unemployment benefits but have been denied. They are being denied because someone else has fraudulently already done so.
Steps we take
When our clients, or your employees are faced with unemployment fraud we take the following steps to ensure recovery. These steps are taken on behalf of the employee/individual to ensure full and complete recovery.
Here is a step by step look at the recovery process.
Steps taken when there is unemployment fraud:
- An identity theft case will be opened and assigned to a dedicated Recovery Advocate (RA)
- Then the RA will report the fraudulent unemployment insurance claim to the department of labor with the appropriate state
- Then the RA will ensure the employees credit monitoring is active- (not all employees will activate their services so we will help them do that at time of claim)
- This will provide early detection of potential fraud during recovery and into the future
- The RA will provide a 3-bureau credit report
- RA will review the report to ensure it’s accurate and rule out additional fraud or identity theft
- Fraud alerts will be placed with all 3 bureaus on the id theft victim’s behalf and/or provide them with information regarding a complete security freeze
- Victims will recieve an email with a fraud letter, recapping what they have completed on their behalf and the email provides the victim the direct contact information of their RA
- The RA will follow up with the employee to ensure they were able to complete monitoring (if not already completed) and if they have any additional questions or concerns for 12 months.
Please let these be a guide for you or if you want assistance do not hesitate to reach out to one of our team members for help.
Continue to keep an eye on your credit reports, bank accounts, mail and email for new financial or personal activity that seems funny or out of place. If it does seem out of place take steps to understand and do not ignore the signs… it could be Unemployment Benefit Fraud & ID-Theft
Related article: Tax & Unemployment Fraud at Epidemic Levels
by Brian Thompson | Sep 1, 2021 | Breach, Identity Theft
Consumer behavior can help reduce the hacker threat we are all facing. With education and awareness, we can not only protect ourselves but the companies we work with and for.
Author (Matt Burgess) of Wired UK Magazine recommends six action items for consumers to help protect themselves including (6 Things You Need to Do to Prevent Getting Hacked | WIRED):
- The use of multi-factor authentication
- Password manager
- Learn how to spot a phishing attack
- Update/backup everything
- Encrypt everything and
- Wipe your digital footprint.
4 Personal Resolutions to help you
Nearly three years ago I published a similar article on January 18, 2019, titled 4 Personal Privacy Resolutions to Protect Yourself From ID Theft to help consumers with their privacy concerns, by writing about four resolutions including:
-
Social Media: you should reconsider the data you share on social media including Facebook, Twitter, Instagram, Snapchat, and even LinkedIn – as all five of these social media leaders have experienced one or more data breach events. Your resolution is to stop using social media, take a break, or reduce how much time you spend on it.
-
Password Management: using new and strong passwords is one of the best ways to protect yourself from identity theft. Using passwords that there are weak – and might even be used for multiple accounts, puts you at risk. Your resolution is to use a password manager that creates new, strong passwords. A PW manager will also scan existing passwords to flag reused and weak passwords.
-
Terms & Conditions: whenever I speak on the topics of cybersecurity, data breach, identity theft, and personal privacy – I always ask the audience “how many of you” have read the terms and conditions of your social media accounts or apps on your smartphones? The response is always zero. Your resolution is to read the terms and conditions of all new and current accounts. Reading T&C’s will help you understand what personal information that is being collected, used, and sold for marketing purposes.
-
Virtual Private Network (VPN): VPN software scrambles your IP address, encrypts data sent between your computer and the websites you visit, and masks your true location and service provider. This is important if you use public Wi-Fi. Your resolution to use a VPN will prevent hackers from seeing your traffic and potentially scraping sensitive information such as financial details. Public WiFi is Putting You at Risk
While I agree that consumers should be concerned about the recent T-Mobile data breach event where current and former customers are at a high risk of identity theft, consumers should be equally concerned about their behavior relating to social media, the internet of things, human error, and bad habits.
Consumer behavior can help reduce the threat of hackers but we have to educate ourselves and remain diligent.
By Mark Pribish
Vice President and ID Theft Practice Leader
by Brian Thompson | Jul 1, 2021 | General, Identity Theft
The Internal Revenue Service (IRS) recently released 2021’s ‘Dirty Dozen’ tax scams list. The list comes with a warning for taxpayers, tax professionals, and financial institutions…
Be on the lookout for these 12 schemes and scams!
The list is broken down into 4 separate categories:
- Pandemic-related scams like Economic Impact theft
- Personal information cons including phishing, ransomware, and phone “fishing”
- Ploys focusing on unsuspecting victims like fake charities and senior/immigrant fraud
- Schemes that persuade taxpayers into unscrupulous actions such as Offer In Compromise mills and syndicated conservation easements.
The categories are based on who perpetrates the schemes and who they impact.
The IRS continues to see ruses by dishonest people who trick others into doing something illegal or causes them harm. Predators encourage otherwise honest people to do things they don’t realize are illegal or prey on their goodwill.
Several schemes involve fraudsters targeting groups like seniors or immigrants, posing as fake charities impersonating IRS authorities, charging excessive fees for Offers in Compromise, conducting unemployment insurance fraud, and unscrupulously preparing tax returns.
Here are five of this year’s “Dirty Dozen” scams.
Fake charities
The IRS advises taxpayers to be on the lookout for scammers who set up fake organizations to take advantage of the public’s generosity. They especially take advantage of tragedies and disasters, such as the COVID-19 pandemic.
Scams requesting donations for disaster relief efforts are especially common on the phone. Taxpayers should always check out a charity before they donate, and they should not feel pressured to give immediately.
Taxpayers who give money or goods to a charity may be able to claim a deduction on their federal tax return by reducing the amount of their taxable income. But taxpayers should remember that to receive a deduction, taxpayers must donate to a qualified charity. To check the status of a charity, use the IRS Tax Exempt Organization Search tool. (It’s also important for taxpayers to remember that they can’t deduct gifts to individuals or to political organizations and candidates.)
Here are some tips to remember about fake charity scams:
- Individuals should never let any caller pressure them. A legitimate charity will be happy to get a donation at any time, so there’s no rush. Donors are encouraged to take the time to do the research.
- Potential donors should confirm the charity’s exact name, web address, and mailing address. Some dishonest telemarketers use names that sound like large well-known charities to confuse people.
- Be careful how a donation is paid. Donors should not work with charities that ask them to pay by gift cards or by wiring money. That’s how scammers ask people to pay. It’s safest to pay by credit card or check — and only after having done some research on the charity.
For more information about fake charities see the information on fake charity scams on the Federal Trade Commission website.
Immigrant/senior fraud
IRS impersonators and other scammers are known to target groups with limited English proficiency as well as senior citizens. These scams are often threatening in nature.
While it has diminished some recently, the IRS impersonation scam remains a common scam. This is where a taxpayer receives a telephone call threatening jail time, deportation, or revocation of a driver’s license from someone claiming to be with the IRS. Taxpayers who are recent immigrants often are the most vulnerable and should ignore these threats and not engage the scammers.
The IRS reminds taxpayers that the first contact with the IRS will usually be through mail, not over the phone. Legitimate IRS employees will not threaten to revoke licenses or have a person deported. These are scare tactics.
As phone scams pose a major threat to people with limited access to information, including individuals not entirely comfortable with the English language, the IRS has added new features to help those who are more comfortable in a language other than English. The Schedule LEP PDF allows a taxpayer to select in which language they wish to communicate. Once they complete and submit the schedule, they will receive future communications in that selected language preference.
Additionally, the IRS is providing tax information, forms, and publications in many languages other than English. IRS Publication 17, Your Federal Income Tax, is now available in Spanish, Chinese (simplified and traditional), Vietnamese, Korean and Russian.
Seniors beware
Senior citizens and those who care about them need to be on alert for tax scams targeting older Americans. The IRS recognizes the pervasiveness of fraud targeting older Americans, along with the Department of Justice and FBI, the Federal Trade Commission, and the Consumer Financial Protection Bureau (CFPB), among others.
In an effort to make filing taxes easier for seniors, the IRS reminds seniors born before Jan. 2, 1956, that the IRS has re-designed the Form 1040 and its instructions, and that they can use the Form 1040SR and related instructions.
The IRS reminds seniors that the best source for information about their federal taxes is the IRS website.
Offer in Compromise “mills”
Offer in Compromise mills contort the IRS program into something it’s not – misleading people with no chance of meeting the requirements while charging excessive fees, often thousands of dollars.
“We’re increasingly concerned that people having trouble paying their taxes are being duped into misleading claims about settling their tax debts for ‘pennies on the dollar’,” said IRS Commissioner Chuck Rettig. “The IRS urges people to take a few minutes to review information on IRS.gov to see if they might be a good candidate for the program – and avoiding costly promoters who advertise on radio and television.”
The IRS reminds taxpayers to beware of promoters claiming their services are needed to settle with the IRS. And that their tax debts can be settled for “pennies on the dollar” or that there is a limited window of time to resolve tax debts through the Offer in Compromise (OIC) program.
OIC?
An “offer,” or OIC, is an agreement between a taxpayer and the IRS that resolves the taxpayer’s tax debt. The IRS has the authority to settle, federal tax liabilities by accepting less than full payment under certain circumstances. However, some promoters are inappropriately advising indebted taxpayers to file an OIC application with the IRS, even though the promoters know the person won’t qualify. This costs honest taxpayers money and time.
Taxpayers should be especially wary of promoters who claim they can obtain larger offer settlements than others or who make misleading promises that the IRS will accept an offer for a small percentage. Companies advertising on TV or radio frequently can’t do anything for taxpayers that they can’t do for themselves by contacting the IRS directly.
Taxpayers can go to IRS.gov and review the Offer in Compromise Pre-Qualifier Tool to see if they qualify for an OIC. The IRS reminds taxpayers that under the First Time Penalty Abatement policy, taxpayers can go directly to the IRS for administrative relief from a penalty that would otherwise be added to their tax debt.
Unscrupulous tax return preparers
Although most tax preparers are ethical and trustworthy, taxpayers should be wary of preparers who won’t sign the tax returns they prepare. For e-filed returns, the “ghost” will prepare the return but refuse to digitally sign as the paid preparer.
By law, anyone who is paid to prepare, or assists in preparing federal tax returns, must have a valid Preparer Tax Identification Number (PTIN). Paid preparers must sign and include their PTIN on the return. Not signing a return is a red flag that the paid preparer may be looking to make a quick profit by promising a big refund or charging fees based on the size of the refund.
Unscrupulous tax return preparers may also:
- Require payment in cash only and will not provide a receipt.
- Invent income to qualify their clients for tax credits.
- Claim fake deductions to boost the size of the refund.
- Direct refunds into their bank account, not the taxpayer’s account.
It’s important for taxpayers to choose their tax return preparer wisely. The Choosing a Tax Professional page on IRS.gov has information about tax preparer credentials and qualifications. The IRS Directory of Federal Tax Return Preparers with Credentials and Select Qualifications can help identify many preparers by type of credential or qualification.
Taxpayers should that they are legally responsible for what is on their tax return regardless of who prepares it. Consumers can help protect themselves by choosing a reputable tax preparer.
Unemployment insurance fraud
Unemployment fraud often involves individuals acting in coordination with or against employers and financial institutions. Their goal is to get state and local assistance to which they are not entitled. These scams can pose problems that can adversely affect taxpayers in the long run.
States, employers, and financial institutions need to be aware of the following scams related to unemployment insurance:
- Identity-related fraud: Filers submit applications for unemployment payments using stolen or fake identification information to perpetrate an account takeover.
- Employer-employee collusion fraud: The employee receives unemployment insurance payments while the employer continues to pay the employee reduced, unreported wages.
- Misrepresentation of income fraud: An individual returns to work and fails to report the income to continue receiving unemployment insurance payments, or in an effort to receive higher unemployment payments, applicants claim higher wages than they actually earned.
- Fictitious employer-employee fraud: Filers falsely claim they work for a legitimate company, or create a fictitious company, and supply fictitious employee and wage records to apply for unemployment insurance payments.
- Insider fraud: State employees use credentials to inappropriately access or change unemployment claims, resulting in the approval of unqualified applications, improper payment amounts, or movement of unemployment funds to accounts that are not on the application.
Below is a shortlist of financial red flag indicators of unemployment fraud:
- Unemployment payments are coming from a state other than the state in which the customer reportedly resides or works.
- Multiple state unemployment payments are made within the same disbursement timeframe.
- Unemployment payments are made in the name of a person other than the account holder or in the names of multiple unemployment payment recipients.
- Numerous deposits or electronic funds transfers (EFTs) are made that indicate they are unemployment payments from one or more states to people other than the account holder(s).
- Higher unemployment payments are seen in the same timeframe compared to similar customers and the amount they received.
Stay tuned for additional sections to come on the 2021’s ‘Dirty Dozen’ Tax Scams list.
by Brian Thompson | Jun 23, 2021 | Breach, Identity Theft
Reality…no company can prevent a breach! Earlier this month I was a guest speaker at the 2021 Nebraska Credit Union League Annual Meeting & Convention.
One of my talking points was about the reality of data breaches and how the final story for most data breach events rarely reflects the initial news report. Initial reports speak of what is currently known about the breach. But those reports never cover the long-term impact of affected individuals and small businesses.
In case you missed it, some of the notable data breaches so far in 2021 include CNA, Experian, Facebook, GEICO, Instagram, LinkedIn, Microsoft, Tesla, and Microsoft.
The irony to these data breaches is that these businesses pride themselves on safeguarding PII (Personally Identifiable Information). An additional irony is that these businesses have more financial and information technology resources than most other businesses, and yet they still cannot prevent a data breach event from happening.
Reality
The reality of data breaches is that they occur almost every day – whether it is an accidental release (which is a polite phrase for carelessness, incompetence, or simply stupidity) or malicious intent (with the insider threat a common focal point, although the media heavily focuses on hacking events).
To help add clarity to the above, the recently released 2021 Verizon Data Breach Investigations Report (Verizon 2021 Data Breach Investigations Report Released) provides the latest data breach-related trends and statistics that can help both consumers and employees be proactive in mitigating their exposure to identity theft and data breaches.
This year’s Data Breach Investigations Report (DBIR) helps define words in an accurate and complete manner such as “incident” and “breach” and highlights the reality of data breaches that can support a cyber-risk management strategy for all businesses in general but small business in particular.
Things to know
- Social engineering is the most successful attack
- The top hacking vector in breaches is web application servers
- Denial of service is the most frequent way incidents occur
- 85 percent of breaches involved a human element
- Financially-motivated attacks are the most common
- Organized crime continues to be the number one attacker
- Compromised External cloud assets, more than on-premises assets
- The exploitation of Unpatched older vulnerabilities by attackers
- Credentials remain one of the most sought-after data types, followed by personal information
- Employees continue to make mistakes that cause incidents and breaches
- Lost and Stolen devices
- Misuse of Privileges
- Business Email Compromises were the second most common form of social engineering (COMPLACENCY MAKES HACKERS SUCCESSFUL)
- The majority of social engineering incidents were discovered externally
DBIR also states “phishing continues to be a top cause of data breaches, followed by stolen credentials and ransomware. Threat actors ‘will first exfiltrate the data they encrypt’ and threaten to reveal it publicly if the ransom isn’t paid.”
To conclude and while this year’s Verizon report highlights “the importance of building a culture of cybersecurity vigilance,” I believe that having a response and recovery program in place is just as important as having an information security and governance program in place.
Why, because I believe the reality of data breaches is that “no one company can ever prevent itself from experiencing a data breach event”. This is something I have been writing and speaking about for the last 15 years.
By Mark Pribish
Vice President and ID Theft Practice Leader