Thursday, December 17, 2015

LifeLock agrees to pay $100 million for allegedly violating FTC order- Dec. 17, 2015


Have you ever wondered what happens when a company is charged with violating a settlement order with the FTC? Well, ya got trouble. I mean trouble with a capital “T”. And for LifeLock, that trouble comes partly in the form of full refunds of up to $100 million for consumers affected by its alleged order violations.

Let me set the stage. In 2010, LifeLock agreed to settle charges with the FTC and 35 state attorneys general that it used false claims to promote its identity theft protection services. The settlement required Lifelock to:
  • stop making deceptive claims;
  • strengthen measures to safeguard the personal information it collects from customers; and
  • pay the FTC $11 million for consumer refunds.
It’s five years later and what do we have? Broken promises and injured consumers. According to the FTC, LifeLock violated the 2010 FTC settlement order by:
  • from at least October 2012 through March 2014, failing to establish and maintain a comprehensive information security program to protect its customers’ sensitive personal information, including credit card, Social Security, and bank account numbers;
  • during that period falsely advertising that it protected consumers’ sensitive data with the same high-level safeguards as financial institutions;
  • falsely advertising that it would send alerts “as soon as” it received any indication that a consumer may be a victim of identity theft from January 2012 through December 2014; and
  • failing to meet the 2010 order’s recordkeeping requirements.
If you’re concerned about protecting your personal information, you may consider paying for identity theft protection services. But before you pay any fees, evaluate the company and its track record. Type the name of the company or product into a search engine along with words like “review,” “complaint,” or “scam.” Be sure to read a few reviews — don’t rely on just one source. Or, you may decide to take matters into your own hands by reviewing your credit reports on a regular basis or placing a credit freeze on your report.
For more information about protecting your personal information, visit our Privacy & Identity page. If you want help recovering from identity theft, visit IdentityTheft.gov.

 

Federal Trade Commission

Tuesday, December 15, 2015

FAA: Drone Registration effective December 21, 2015

News  from the FAA:
If you own a drone, you must register it with the Federal Aviation Administration's Unmanned Aircraft System (UAS) registry. A federal law effective December 21, 2015 requires unmanned aircraft registration, and you are subject to civil and criminal penalties if you do not register.

Review the UAS Registration FAQs to learn more about the program.



Register before January 20, 2016 and your $5 registration fee will be refunded!

 

 
 
 
 

 

Wednesday, December 2, 2015

Password Manager Programs, Which one is safe or best? CNETDownload tips and review for consumers

12/2/15,  Readers - I've received a number of questions about "Password Manager" type programs and are they safe. I found this CNET downloadCNET Download - Password Manager program options article that provides tips and reviews on the programs available, their costs, platforms ( MAC or Android) and what consumers should know when using these types of programs.
Rich Coleman, Crime Prevention Consultant, CPAM 

The best password manager

Set and forget the passwords to all your accounts with our pick for the best password protector.

Best Password Manager: Dashlane Password Manager & Secure Digital Wallet

 
A password manager is your first line of defense against snoops and identity thieves. But some perform far better than others, as we discovered over months of hands-on testing. We looked for password managers that are easy to set up and use, generate excellent passwords, work across all major platforms, and offer strong encryption and multifactor authentication. (See our tips on what to look for in a password manager.)
Ultimately, Dashlane won our endorsement for best password manager. It has a sleek, modern user interface, a helpful tutorial to get you started, and all the features you'd expect from a top-flight password manager.
  • Strong encryption: Dashlane encrypts and stores passwords using the AES-256 standard and, for another layer of security, offers two-factor authentication, letting you verify by text and fingerprint.
  • Easy password management: Dashlane's Password Changer runs a diagnostic on your current passwords to let you know which are weak or generic, then helps you generate stronger passwords.
  • Autofill: Besides storing passwords, Dashlane stores and encrypts notes, receipts, credit card and payment info, and even your IDs, such as your Social Security and passport numbers. That gives you one handy location for all that information and an easy way to autofill forms.
  • Cross-platform compatibility: Dashlane works across Windows, Mac, Android, and iOS, and works with Chrome, Firefox, Safari, and Internet Explorer.
  • Security extras: Dashlane sends automatic alerts if a site you've registered with has been compromised. Its Inbox Scans check your email inboxes for old passwords, email addresses, and other vulnerable information that hackers can use, so you can secure it before it gets stolen.
Read on to learn about more password managers, including cross-platform, mobile-only, and security suite options.
Click the link below for more details from the article and tips:
 

Federal Trade Commisson: New EMV Credit Card Chip Email Scam


Federal Trade Commission: Credit Card Chip Email Scam

10/19/15,Colleen Tressler Consumer Education Specialist, FTC
 
Here's what’s happening: Scammers are emailing people, posing as their card issuer. The scammers claim that in order to issue a new chip card, you need to update your account by confirming some personal information or clicking on a link to continue the process.

If you reply to the email with personal information, the scammer can use it to commit identity theft. If you click on the link, you may unknowingly install malware on your device. Malware programs can cause your device to crash, monitor your online activity, send spam, steal personal information and commit fraud.

So how can you tell if the email is from a scammer?

There's no reason your card issuer needs to contact you by email or by phone, for that matter to confirm personal information before sending you a new chip card. Don't respond to an email or phone call that asks you to provide your card number. Period.

Still not sure if the email is a scam? Contact your card issuers at the phone numbers on your cards.

Don't trust links in emails. Only provide personal information through a company's website if you typed in the web address yourself and you see signals that the site is secure, like a URL that begins https (the "s" stands for secure). Click the image for more details.

Click the FTC link below for the rest of the article and tips:


FTC- New Credit Card Scam


Skimming Devices: New EMV Chip Credit Cards - Check ATM Machines and Gas Station Credit Card Readers before use

The Credit Card / Banking industry has sent a number of alerts and tips on the use of the new EMV chip installed in Credit Cards. All of the "points of sale" have compliance dates for having the new card readers in place for you to use the new card. The ATM's and Gas Stations don't have to comply until 2017 so this makes ATM's and Gas Station vulnerable to fraud and skimming devices capturing your bank card numbers and passwords.

Having your "PIN Number" is crucial!  you will not be able to use the new EMV card if you don't have the PIN #.   Recommendation: Don't activate your new cards until you receive the PIN #'s.
 
 
Skimming Devices: Credit Card Fraud


The new EMV chip credit cards being issued are designed to help protect consumers from fraud and unauthorized chargers on credit cards. The scammers have continued to find ways to make you a victim, “ATM machines and Credit Card access at the gas pumps” have become the two devices that consumers should be aware of when using. The “skimming devices” that can be put on these units can go undetected.
 
Recommendation: Check the card reader on the machine, if it is loose or falls off report it immediately to the bank or gas station and call 9-1-1.


 ATM Skimming Device

 Gas Station Skimming Device
 
 
 
ScamBusters: Tips on Avoid ATM & Credit Card theft (click the link below for more details)
 

Holiday Shopping: Tips to avoid packages being stolen from your porch


Holiday Package Delivery Safety Tips:

Here are a few safety tips you can take to better protect yourself if you are expecting a package delivery.  Always retrieve packages (and mail) as soon as it arrives.  
 
If you aren’t going to be home to receive the package:

- Send the package to the residence of a trusted friend or relative who you know will be home. Be sure that the friend is ready and waiting to retrieve the package when the doorbell rings.
- Ask the package delivery company to hold the package if you will not be home (many have local delivery centers) *some companies will hold a package for up to 5 days.
- Request that your package is marked “signature required.” This requires the delivery person to stand by and wait until you’re available to retrieve the package. You could also put a note on your door, requesting the deliverer go to your next door neighbor for the signature.
- Mark the package with a value of $100 or more, which will likely require a signature.
- Leave special instructions on where to deliver the package. A good place is on the side or back of the house, so that the package is out of sight from the road. Ask the deliver to take and discard the note with him/her or leave it with the package.
- Use a company that provides a tracking service and check online to see when it is scheduled to arrive.
- Have the items shipped to the nearest store for “in-store pick up.”
- If you have an understanding boss, have your packages delivered to you at work.
 
Click the company links below for details.

-UPS
 

                                                                          

FraudGuide.com : Blog post, "Gift Card Scams to avoid"

Fraud Guides.com- Gift Card Scam Blog Post

Be careful when selecting gift cards for your friends and loved ones. Crooks have learned how to exploit this popular form of gift-giving through tampering, trickery and outright theft.
Even when the Holiday season is over, gift card sales are a year round business for many retailers. Because of this we want to bring gift card scams to your attention. These scams can drain the value right out of your card before you get to use it.

“Card Not Present” Scam

The first, and rarest (although it does occur) of these is called the Card Not Present or “CNP” scam. Swindlers record the numbers on cards offered for sale, then periodically check to see if the cards bearing those numbers have gone “live”. By “live” we mean that the cards were sold, activated and had a monetary value added to them. When they find cards that have, they use them to make online “card not present” (aka “CNP”) purchases. Using the gift card this way allows the scammer to drain them of their cash values before their intended recipients can use them.
Image of Gift Cards

This doesn’t work on all gift cards, however, just the ones allowing “card not present” situations such as online transactions. While a scam artist can in many cases easily physically access gift card numbers by prying the card from its packaging and putting it back once the number is written down, it’s not  easy to hide the fact that the cards’ PIN number is now visible. Once the covering has been scratched away it can’t be put back. Ironically, the packaging itself can conceal that the card has been tampered with.

If you then purchased one of these cards, the fact that it had been tampered with and its PIN number coating removed might go undetected until its recipient attempts to use it! Many people don’t understand the importance of the PIN number anyway, so a scratched off PIN coating might not raise any alarm. We suggest that consumers only purchase cards stored in secure locations that make tampering difficult. We can’t let that piece of advice go without letting you know that store clerks have also been known to engage in this scam. So purchasing gift cards stored under lock and key may reduce your chances of being ripped off but it won’t guarantee protection from this scam.

Whether you choose a gift card from a store display or have a clerk hand it to you, always take the time to examine both side of the packaging before paying for it. Better yet, remove the packaging before you leave the store. If you can see the PIN number or detect signs of tampering, don’t pay for the card or ask for another. Let the store’s management know why. If the card can’t be used for online or “card not present” purchases you don’t have to worry as much because the thief would need the card in hand to use it.

Additional info - Overstated value, Other ways gift cards have been abused by criminals, and how to avoid gift card scams.
 Click the link for more details:

FraudGuides.com

Nov. 30, 2015 - VTech Toys: Data Breach of Emails, Passwords, Childrens info-date of birth, profiles

VTech - Press Release Nov. 30, 2015

Data Breach Notification of Children's Information


VTech Holdings Limited noted that an unauthorized party accessed VTech customer data housed on our Learning Lodge app store database on 14 November 2015. Learning Lodge allows our customers to download apps, learning games, e-books and other educational content to their VTech products.
Upon discovering the unauthorized access on 24 November 2015, we immediately conducted a thorough investigation, which involved a comprehensive check of the affected site and implementation of measures to defend against any further attacks.

Our customer database contains user profile information including name, email address, password, secret question and answer for password retrieval, IP address, mailing address and download history. In addition the database also stores kids information including name, genders and birthdates. In total about 5 million customer accounts and related kids profiles worldwide are affected.

It is important to note that our customer database does not contain any credit card information and VTech does not process nor store any customer credit card data on the Learning Lodge website. To complete the payment or check-out process of any downloads made on the Learning Lodge website, our customers are directed to a secure, third party payment gateway.

In addition, our customer database does not contain any personal identification data (such as ID card numbers, Social Security numbers or driving license numbers).

We have reached out to every account holder in the database, via email, to alert them of this data breach and the potential exposure of their account data. The following email enquiry contacts have also been set up: