Tag Archive for: Scams

Coronavirus Scammers User Fake Sites to Steal Your Stimulus

https://www.youtube.com/watch?v=WJcT81kawc4′ format=’16-9′ width=’16’ height=’9′ custom_class=” av_uid=’av-mo9up3

Coronavirus Scammers Are After Your Stimulus Check

Scammers and cybercriminals love to exploit the headlines. COVID-19 isn’t the only pandemic affecting Americans – so are the scams that go along with it.

Case in point: stimulus checks that will help Americans weather the COVID-19 pandemic are already being targeted by scammers, who take advantage of the confusion and disinformation surrounding the rollout of the relief funds. They know how easy it is to profit from crisis.

The IRS set up an Economic Impact Payment website to enable Americans to claim and track their stimulus checks, and will mail or directly deposit the payments. Unfortunately, scammers have quickly designed more than 4,000 similar websites to try to skim payments from unsuspecting citizens.

IRS Stimulus Check Scams (Economic Impact Payments)

  • Some coronavirus scammers may be after the payments themselves, while others are using the opportunity to get valuable personal information, like bank account numbers
  • There has been a 6,000% increase in spam emails related to COVID-19 since early March, with many of these emails aimed at stealing the IRS checks.
  • 4,000 new websites related to the stimulus checks created since January. The websites are set up to either look like the IRS or banks, with hackers trying to trick individuals into disclosing their financial information.

How to Protect Your Economic Impact Payment Stimulus Check

  • Be extra wary of all stimulus-related emails, calls, and texts. The IRS will never contact you by phone, email, text message, or social media. Only use irs.gov/coronavirus to submit information to the IRS – and never in response to a call, text, or email.
  • Check the language. Stimulus payments aren’t actually called “stimulus checks,”— official term is “economic impact payment.” So if you get an email, call or text using the unofficial language of “stimulus check,” it’s a tip-off that the message isn’t legit
  • Watch for your receipt. Whether you receive your payment via direct deposit or as a paper check through snail mail, the IRS will also send you a letter in the mail 15 days later letting you know that the payment was sent. The agency won’t be hounding you or anyone else over the phone, email or text about it. That letter is useful because it serves as official verification that your stimulus payment was sent out. If you get one after receiving your payment, then you’ve got nothing to worry about. But if you get one before your payment arrives, it’s a sign that you might be the victim of fraud.

12 Days to a Safe Christmas: Day 12 – Holiday Security Tips All Wrapped up Together

Would you like to give the people you care about some peace on earth during this holiday season? Take a few minutes to pass on our 12 privacy tips that will help them protect their identities, social media, shopping and celebrating over the coming weeks. The more people that take the steps we’ve outlined in the 12 Days of Christmas, the safer we all become, collectively.

Have a wonderful holiday season, regardless of which tradition you celebrate. Now sing (and click) along with us one more time.  

On the 12th Day of Christmas, the experts gave to me: 

12 Happy Holidays,

11 Private Emails,

10 Trusted Charities

9 Protected Packages

8 Scam Detectors

7 Fraud Alerts

6 Safe Celebrations

Fiiiiiiiiiiive Facebook Fixes

4 Pay Solutions

3 Stymied Hackers

2 Shopping Tips

And the Keys to Protect My Privacy

 


About Cybersecurity Keynote Speaker John Sileo

John Sileo is the founder and CEO of The Sileo Group, a cybersecurity think tank, in Lakewood, Colorado, and an award-winning author, keynote speaker and expert on technology, cybersecurity, and tech/life balance. He energizes conferences, corporate trainings and main-stage events by making security fun and engaging. His clients include the Pentagon, Schwab, and organizations of all sizes. John got started in cybersecurity when he lost everything, including his $2 million business, to cybercrime. Since then, he has shared his experiences on 60 Minutes, Anderson Cooper, and even while cooking meatballs with Rachel Ray. Contact John directly to see how he can customize his presentations to your audience.

Anderson Cooper Targets ID Theft in New Year's Resolution

Anderson Cooper’s 1st show of the year brought a panel of experts to discuss New Year’s resolutions, why we make them and how we can better keep them. Identity theft expert John Sileo closed out the show with 3 Tips for Avoiding Scams in the new year. Click on the video to the left to view the segment. Anderson and John discuss smartphone stupidity, passwords and social networking privacy.
Identity Theft Expert John Sileo Appears on the Anderson Cooper New Year’s Resolution Special.

John Sileo is an award-winning author and speaks internationally on the dark art of deception (identity theft, data privacy, social media manipulation) and it’s polar opposite, the powerful use of trust, to achieve success. He is CEO of The Sileo Group, which advises teams on how to multiply results and increase performance by building a culture of deep trust. His clients include the Department of Defense, Pfizer, the FDIC, and Homeland Security. Sample his keynote or media appearances on Anderson Cooper, 60 Minutes or Fox Business. Contact him on 800.258.8076.

Electronic Pickpocketing Hype Banks on Your Fear!

Electronic Pickpocketing is Possible, but Over-Hyped.

There is a new wave of hi-tech identity theft that allows thieves to steal your credit card information using inexpensive technology to intercept credit card (and sometimes even passport) information without even touching your wallet. Watch the video to the left or read our Electronic Pickpocket post to learn the basics.

And make sure you pay attention to the fact that the person they are interviewing for the news piece in the video MAKES MONEY FROM YOUR FEAR OF ELECTRONIC PICKPOCKETING! The gentleman they interview runs a company that makes shields for your credit cards and passports to stop electronic pickpocketing. I’m not saying that the products don’t work or aren’t somewhat valid; I’m saying that you have to take this gentleman’s perspective into consideration before buying the hype. He benefits from your fear, so do a little more research before you go gettin’ all paranoid.

The amount of hype this old form of theft is receiving (yes, this has been possible for years, despite all of the attention it’s getting now) is a bit overblown. Here are just a few reasons why:

  • The person being interviewed in the video benefits from your fear of electronic pickpocketing.
  • When a thief steals this information from you, they generally get your credit card number, expiration date and quite possibly your name. They DO NOT get your 3-digit security code or address. This is the same amount of information that the average waiter or retail clerk gets simply by looking at your card.
  • Because they don’t get your 3-digit security code or address, it is much more difficult for them to use the credit card number to make purchases on the internet, as most sites require some form of address verification or 3-digit security confirmation.
  • Only a fraction of cards utilize the RFID/Contactless Swipe technology, lowering your chances significantly.
  • As long as you catch your card being used fraudulently (see the protection suggestions below), you will not be held liable for the losses, the business that accepted the illegal card will. Even if your information is used to make a new card, if you are monitoring your identity properly, your out of pocket will be minimal.
  • Most cards only transmit 2-3 inches, which means that someone has to get a laptop-sized bag within two inches of your purse or wallet. This isn’t impossible, but it takes a fair amount of time and skill (notice how the news report doesn’t show them doing it without asking the people first). In most cases, this amount of work is too time intensive for the identity thief – it’s more lucrative to hack into a system that contains hundreds of thousands of credit card numbers (and other information) all in one place.
  • Fraud departments in credit card companies have come a long way. Most credit card companies are able to detect fraud on your card faster that you can. More secure credit card companies will call to confirm suspicious purchases or purchasing patterns.
  • If you want to get technical, which you probably don’t, credit card theft isn’t actually identity theft. They don’t have access to the personal items they need to actually steal your identity.

But it can happen, and it’s worth preventing. Which is simple:

  • First, check to see if you even have credit cards with the ability to beam your information to an RFID receiver (look for the circled symbol in the photo to the right). If not, stop worrying and just monitor any future cards you receive.
  • Second there are sleeves and wallets built to protect your cards and make them unable to scan and be lifted. Several companies, like Checks Unlimited make RFID wallets & products that shield the electromagnetic energy necessary to power and communicate with contactless smart cards, passports, and enhanced drivers licenses.
  • Next, set up account alerts and monitor your statements to cover yourself in the small chance that it happens to you. That way if your credit card is compromised, you can detect it immediately and take the necessary steps to contact the bank, report the fraud, and cancel the card.
  • If you are worried about having a credit card that can transmit your personal information, call your credit card company and ask them to send you a card that doesn’t transmit or have RFID capabilities (you know it transmits if it has the small broadcast or sonar icon circled to the left). Get rid of the source of the fraud!
  • Never leave your purse or wallet in an easy to scan place. Get rid of all of the excess credit cards that you don’t use and lower the chances that one of them will be compromised.
  • For added protection, especially for your Passport (which carries a much higher volume of very sensitive information), consider purchasing a sleeve or shield that makes RFID scanning less likely.  Checks Unlimited offers a wide variety of these types of RFID blocking sleeves & cases.”

But whatever you do, don’t buy into the hype and paranoia just because a video has gone viral on YouTube.

John Sileo is the award-winning author of two identity theft prevention books, Stolen Lives and Privacy Means Profit (Wiley, August 2010) and America’s top Identity Theft Speaker. His clients include the Department of Defense, FTC, FDIC and Pfizer; his recent media appearances include 60 Minutes. Contact him on 800.258.8076.

Social Engineering Expert Quoted in CSO Article

Quoted from the original CSO Online story:

Social engineering stories: The sequel

Two more social engineering scenarios demonstrate how hackers still use basic techniques to gain unauthorized access, and what you can do to stop them

By Joan Goodchild, Senior Editor
May 27, 2010 —

John Sileo, an identity theft expert who trains on repelling social engineering, knows from first-hand experience what it’s like to be a victim. Sileo has had his identity stolen—twice. And both instances resulted in catastrophic consequences.

The first crime took place when Sileo’s information was obtained from someone who had gained access to it out of the trash (yes, dumpster diving still works). She bought a house using his financial information and eventually declared bankruptcy.

“That was mild,” said Sileo, who then got hit again when his business partner used his information to embezzle money from clients. Sileo spent several years, and was bankrupt, fighting criminal charges.

Now that he has come out of it all innocent, he spends his time assisting organizations train employees on what social engineering and identity theft techniques look like.

ow that he has come out of it all innocent, he spends his time assisting organizations train employees on what social engineering and identity theft techniques look like.

“I’m trying to inspire employees to care about privacy,” he said. “If they don’t care about it at a human level, they are not going to care about the company’s privacy policy or IT security. You’ve got to get it at a primal personal level.”

Sileo ran through some memorable social engineering scenarios he’s heard during his years as a security lecturer. The first is taken from his upcoming book

Continue Reading Social engineering stories: The sequel

If you are serious about training your staff on social engineering scams, fraud detection and protecting your business from a costly data breach, start with the items above and then bring a professional social engineering expert to your next meeting or conference. Email us for more information or contact one of us directly on 800.258.8076.

Fraud Report: SMiShing Identity Theft

Identity Theft Expert John Sileo’s Latest Fraud Report

Just as you wouldn’t want to give any personal identity information to someone via email, you want to use the same practices via text message. There is a new wave of fraud that tries to trick you with text messages appearing to be from your bank.

According to Wikipedia, SMiShing uses cell phone text messages to deliver the “bait” which entices you to divulge your personal information. The “hook” (the method used to actually “capture” your information) in the text message may be a web site URL, like it is in phishing schemes. However, it has become more common to received a texted phone number that connects to an automated voice response system. One version of this SMiShing message will look like this:

Notice – this is an automated message from (a local credit union), your ATM card has been suspended. To reactivate call urgent at 866-###-####.

In many cases, the SMiShing message will show that it came from “5000” instead of displaying an actual phone number. This usually indicates the SMS message was sent via email to the cell phone, instead of being sent from another cell phone.

Once you take the “bait” and pass on your private information, it can be used to create duplicate credit/debit/ATM cards. There are some documented cases where the information an unsuspecting victim gave on a fraudulent website was used within 30 minutes…halfway around the world.

To minimize your risk:

  • Approach all text messages asking for your personal information with a great deal of skepticism (Hogwash, to those in the know).
  • Understand that no bank, business or financial institution will EVER ask you to divulge or confirm your personal banking information over email or SMS text message.
  • If you have any question at all that the text is legitimate, contact your bank or financial institution directly using a published phone number (on the back of your card, for example).

John Sileo became America’s Top Identity Theft Speaker & Expert after he lost his business and more than $300,000 to identity theft and data breach. His clients include the Department of Defense, Pfizer and the FDIC. To learn more about bringing John to your next meeting or event, contact him directly on 800.258.8076.