Tuesday, October 28, 2014

Better Business Bureau Alert -Cyber Security tip: Holiday shopping online EBay Scam alert


Next time you shop on eBay, watch out for this scam. Con artists are exploiting vulnerability in eBay's editing feature to redirect online shoppers to lookalike websites that can steal passwords.

How the Scam Works:  You are shopping on eBay for a laptop, cell phone or other popular item, and you see a listing with a great price. You click on it, but instead of taking you to the item's page, it reroutes you through a series of websites. You end up at a page requesting your eBay username and password.

 Don't enter it! The site might look like eBay's log in page, but it's really a different website.  If you input your username and password, it will end up in the hands of scammers.

This gives hackers the ability to access your account, and, if you use the same password for other websites, free pass into other accounts.

 How does this happen? EBay permits sellers to use JavaScript and Flash to add design elements to their listings. But this flexibility allows scammers to add malicious code instead, a practice called cross-site scripting.

How to Protect Yourself from this Scam:

·         Check the URL of the website. Before entering your password or any other information, make sure you are on the correct website. Check the URL in the browser bar.

·         Look for a secure connection. Make sure your personal information is being transmitted securely by ensuring the web address starts with "HTTPS" and has a lock icon.

·         Be wary of listings that look too good to be true. Be suspicious of listings that have prices significantly lower than those listed elsewhere. It could just be a ploy to get clicks.

 
 For more information from EBay click on link below for more details

 
 

Thursday, October 23, 2014

Federal Trade Commission - Disposing of Consumer Report Information? Rule Tells How


In an effort to protect the privacy of consumer information and reduce the risk of fraud and identity theft, a federal rule requires businesses to take appropriate measures to dispose of sensitive information derived from consumer reports.
 
Any business or individual who uses a consumer report for a business purpose is subject to the requirements of the Disposal Rule. The Rule requires the proper disposal of information in consumer reports and records to protect against “unauthorized access to or use of the information.” The Federal Trade Commission, the nation’s consumer protection agency, enforces the Disposal Rule.

 

For more information on the list of lenders and who must comply click the link below.
 
 
 
FTC- Disposal Rule

Friday, October 17, 2014

2014 Cyber Security Awareness month Tip – SMART Phone Apps and Privacy- Android’s “Flash Light Mobile” Apps could be stealing your personal information


CPAM members and community, today  one of our CPAM members brought a serious concern to my attention about SMART phone “Flash light “ mobile apps.   In 2013, the FTC fined one Android  SMART phone mobile app developer for misleading consumers for their free app which provided a flash light but also planted “malware” on their phones to read email, capture personal financial information, delete information, obtain geo tracking information, and sell information collected to third parties. 
 
We are all at risk with the use of “free” apps for our SMART phones and our personal information being stolen and used.  I’ve attached a link to the FTC report with details on their findings below.

I am also attaching a report by the company “Snoopwall” that has published a report “Flashlight Apps Threat Assessment” . This report summarizes the privacy and risk of the top ten Android Flashlight Apps. 
 
This is not an endorsement of  Snoopwall which has develop a mobile flashlight app but what I see as a crime prevention practitioner a comprehensive report of  how / what developers are doing to gain access to your personal information. This report also provides tips on how to delete and reset your SMART phone if you’ve downloaded one of the products. 
 
Snoopwall’s  website (www.snoopwall.com )states that they are  the world’s first counterveillance software companies focused on helping consumers and enterprises protect their privacy on all of their computing devices, let’s hope they are true to their mission, data breaches, and privacy concerns should be at the top of every consumers concerns !   Check their website and the report at the links below.

 
Rich Coleman, CPAM

 
 
 

Crime Prevention tip: Preparing for Holiday Shopping? Prepare for data Breach Notices as well!


Consumers have received notices of “Data Breaches” from multiple top retailers throughout the year. As we prepare for the holidays the Better Business Bureau has provided tips on what to do if you receive a notice that your credit card has been comprised.
 
Click on the link below for details from the B.B.B.
 
 
                                    Better Business Bureau, Consumer Alert

Crime Prevention Month Tip: “Just Hang UP! On Telephone Scams”


Crime Prevention Month Tip:  “Just Hang UP! On Telephone Scams”

Residents throughout the State of Michigan have been receiving “cold calls” from scam artists with the “IRS tax scam, Grandparent scam - “Help I need money”, Medical alert devices, Medicare services, and others, it is recommended not to engage in the pitch, just “Hang up!”
 
If you do decide to speak with them ask them to send you information in writing, get their name, ID number and their supervisor, if they refuse it’s obvious they are impostors. Avoid future calls by monitoring your caller ID for the same telephone numbers or numbers you don’t recognize.

For more information on avoiding being a victim of a scam click the image below to access the Better Business Bureau's website.


BBB

Friday, October 3, 2014

JPMorgan Chase: 10/3/14- Chase Breach Affects 76 Million Households, 7 Million Businesses

Hackers have once again accessed a banking institution and if you have an account with JPMorgan Chase you want to read their statement below and visit the security center for updates.  Please monitor your credit statements for any unusual activity in small / large amounts and report it immediately to the bank.

JPMorgan Chase Alert posted on their website 10/3/14:

Important Update on Cyber Security

We want to update you further on the cyber attack against our company.  After extensive review, here is what our forensic investigation has found to date.
Here’s what you should know now:
  • There is no evidence that your account numbers, passwords, user IDs, date of birth or Social Security number were compromised during this attack.
  • However, your contact information – name, address, phone number and email address – was compromised.        
Your money at JPMorgan Chase is safe:
  • Unlike recent attacks on retailers, we have seen no unusual fraud activity related to this incident.
  • Importantly, you are not liable for any unauthorized transaction on your account that you promptly alert us to.
We are very sorry that this happened and for any uncertainty this may cause you.  We don’t believe that you need to change your password or account information. Click here for answers to questions you might have.  As always, we recommend you use care with your accounts and information, as we describe in our Security Center (Link to Security Center).
We’re here to help
Attacks like these are frustrating. There are always lessons to be learned, and we will learn from this one and use that knowledge to make our defenses even stronger. 
 
 
 

Thursday, October 2, 2014

FTC Halts Fake Medicare Scheme that Took Money from Seniors’ Bank Accounts

Scams targeting seniors and consumers continue to surface to steal money by getting your bank account numbers, social security numbers, and other personal information.

The FTC has once again provided insight into how these groups are working, here is a blog post on the most recent scam.


How low can scammers go? As low as stealing from older consumers to line their own pockets. The FTC says some scammers claimed to be calling on behalf of the government to verify information for a new Medicare card or Medicare-related package. In fact, it was a ruse to get people’s bank account information to make unauthorized withdrawals from their accounts.

The callers said they needed to verify people’s identities using information that included the consumers’ bank account numbers. According to the FTC, the scammers told people that the information would not be used to debit their bank accounts, and that there was no charge for their services. But the FTC alleges that was a lie. Within a month or two, victims learned their bank accounts had been debited, often for $400 or more.

At the FTC’s request, a federal court has temporarily halted this scheme that took millions of dollars from consumers without their consent. The FTC is seeking to permanently end the operation and return victims’ money.
No matter your age, you may know someone who has been scammed by telemarketing fraud. They may not talk about it, but the statistics do. The good news is, you can do something about it. Become an FTC ambassador.

Share what you know, by passing this blog post on to your friends, family or neighbors. Let them know never to give out their bank account information to someone who contacts them over the phone. It could lead to a scammer taking money right out of their account.