Posts

As the holidays approach, savvy consumers should already be on the lookout for scams and fraud. But what about at work? Do you know how to avoid one of the newest twists on an old scam?

Boss phishing—sometimes called CEO phishing or spearphishing, since the message appears to come from someone high up in the company—has been around for a long time, and its targets can be both financial and data-driven. Usually, in the form of a genuine-looking email, the request asks someone to send over sensitive information, change account numbers and move money around, or even change things like usernames and passwords.

It works for one very simple reason… when the boss says to do something, you do it. However, this kind of trust in following orders means the consequences can be very serious for the company and lead to blowback for the employee who was tricked. This newly reported spearphishing scam, though, is particularly horrible since the innocent employee might be the one who’s most profoundly harmed.

In the new variation, the “CEO” emails someone and directs them to buy thousands of dollars’ worth of gift cards for the employees’ holiday bonuses; this could be with their personal credit card or with a company credit card. After the cards are purchased, the “CEO” emails again and says to scratch off the protective strip then submit the card numbers so the boss can email all of the employees their gift car codes.

In a real report of this crime to the Identity Theft Resource Center, a few hours after sending the gift card codes to the scammers, the victim learned the company computer had been hacked. The emails weren’t genuine, and the scammers made off with $5,000 in gift cards.

Fortunately, you can avoid this scam rather easily, but it does require you to get in the good habit of questioning orders. Hopefully, any company leader whose employee receives a strange request won’t be too put out that they took the initiative to verify it before complying.

1. Never click a link or open an attachment in an email unless you know you can trust it. This applies to both your personal email and your business account.

2. Never follow through with strange requests from anyone within the company—like sending over all the payroll records (which contain Social Security numbers), W2s, sensitive account information, or funds—without picking up the phone and verifying the request.

3. Never hit “reply” to share sensitive information. Instead, create a new email with the requested information in case the initial email was hacked or spoofed.

Of course, it can be daunting to “second guess” the boss but that’s what scammers are counting on when they target someone within your company. Think of it this way: it’s far better to ask a silly question and risk a little awkwardness in the workplace than to put your company in a bad situation. Failing to verify a request that turns out to be a phishing attempt can have serious financial consequences for the business, especially if sensitive information is shared.

Contact the Identity Theft Resource Center for toll-free, no-cost assistance at (888) 400-5530. For on-the-go assistance, check out the free ID Theft Help App from ITRC.


Read next: “What do you do with your scam awareness?”

Identity theft and security experts have warned for years that consumers need to stay on top of the latest news about scams and fraud in order to protect themselves. But there’s no need to keep those details a secret!

A retail employee in Illinois saved the day when she and other workers stopped a senior citizen from becoming the victim of a scam. The customer was trying to buy a high-dollar amount of gift cards to bail her grandson out of jail. According to the story, a far-flung police department had called her to let her know her grandson was in custody and needed $500-worth of gift cards to post his bail. Fortunately, she was prevented from buying the cards and called the local police department instead. Sadly, another customer wasn’t so lucky. She proceeded to buy the gift cards despite the warnings from employees.

Even worse, a Walmart employee in another state tried to be a good Samaritan and prevent a man from purchasing a $2,500 wire transfer to send to a scammer. The employee, who is now being honored by the company’s board of directors for her repeated help stopping other customers from becoming victims, was originally threatened with a lawsuit by the would-be victim since she put up some fuss about processing the wire transfer. Fortunately, once the police were called, the customer learned the truth and thanked the employee for saving him from a crime.

These examples illustrate a very serious issue: scam activity is on the rise and more consumers are sitting up and taking notice. However, as these real scenarios demonstrate, it can be difficult to intervene when you see something taking place, even if you’re certain something isn’t right. You don’t know how your help will be received.

So how do you put your knowledge of scams and fraud to good use and help your fellow consumers while avoiding any negativity? First, just know that no matter how your attempt to help is received, you were trying to do the right thing. Also, you can try this:

1. Spread the social word – Social media can be a powerful force for good, especially if the content you’re sharing is relatable and genuine. It’s tempting to forward every alarming hoax that pops up, but if you craft a sincere warning about scams and fraud, you just might prevent someone else from becoming a victim. Don’t forget to make your post sharable!

2. Host a fraud prevention event – There are a number of organizations that host awareness events throughout the year, but you don’t have to wait for a specific time. You can host your own get-togethers, community action meetings, senior center events and more, then use those as a time to help get the word out about different kinds of fraud.

3. Follow news from the Identity Theft Resource Center online – The ITRC has a Twitter account, Facebook account, weekly newsletter and many other resources that can keep you informed. Sharing their news is as simple as clicking a button. Helping others recognize a potential scam doesn’t have to mean putting yourself out there.

If you see a scam taking place, you can enlist the help of retail employees, store managers, law enforcement officers or anyone else who can stop someone from becoming a victim. No matter how you choose to help, just know that you’re working to make life better for others when you stop a scam in its tracks.


Read next: “Your New Medicare Card Could Lead to a Scam”

The U.S. government began changing the information that Medicare cards contain, and not a moment too soon. Ever since the program was created in 1965, Medicare’s familiar red-white-and-blue paper identification contained the beneficiaries’ Social Security numbers. Even handing your card over in a doctor’s office or pharmacy could lead to identity theft and fraud, let alone the consequences if you lost your wallet or purse.

Now, Medicare cards contain a unique patient identifier number. The administration allowed itself a calendar year to make the switch, and they’re about halfway through the process of issuing new cards to all of the beneficiaries. If you don’t receive your new card by April 2019, contact the Medicare agency for an update.

Wouldn’t it be nice if identity thieves and scammers simply thought, “Gee, guess I can’t steal SSNs anymore!” and threw in the towel? Instead, they’ve come up with new ways to take advantage of their victims, especially those who currently possess one of the new cards.

First, some scams have centered around the cards themselves. Claims from a phone caller that you need to verify your identity, activate your card, pay a fee to upgrade your paper card to a (non-existent) plastic card, or other similar stories are completely false.

Other scams have involved “matching” your identity to your card. A caller claiming to be from the Medicare agency checks to see if you’ve received your new card. If not, they ask for your Social Security number to make sure you’re still covered and receiving benefits. If you have received it, they ask for your SSN to match your patient identifier number to your account and make sure you’re covered. In either case, it’s not true.

One of the more outrageous scams involves your bank account info. This version claims that you have to move all the money out of your current bank account to a temporary “safe” account to avoid scammers who’ve targeted you as a Medicare recipient. Providing your account info obviously leads to the caller draining your bank account.

There are some things to keep in mind about the scams associated with these new cards:

1.You can provide your SSN to receive medical care—even if you’ve received your new card—through December 2019. There’s nothing you need to do to “extend” your coverage or move it over to your new card

2.Your new card is completely free, despite claims that you have to pay a $25 fee to get it; no, you cannot upgrade to a plastic card instead of paper, either.

3.Never verify your identifying information or account information to anyone who contacts you. They called you, remember? They should already have it, and a legitimate caller would never ask you to provide it.


Read next: “Are Scammers Trying to Give You Money?”

Parents instinctively protect their children from any danger that might come their way, but what do parents tend to overlook? Child identity theft.  Given the prevalence of this crime – more than one million cases of child identity theft cases were reported last year alone – it’s crucial that parents and legal guardians start taking the necessary steps to help minimize their children’s risks. To help encourage this thinking, Experian has deemed September 1 as Child Identity Theft Awareness Day to generate more attention around this prolific crime in hopes that it will reduce the amount of victims.

Children’s identities are seen as desirable because they are often left unmonitored for many years, giving thieves ample time to wreak havoc. For example, a recent survey conducted by Experian found that 45 percent of respondents didn’t discover they were a victim of identity theft until they were between the ages of 16 and 18.  Additionally, more than half of those surveyed didn’t discover they were a victim of child identity theft until they applied for credit as an adult or when they received a bill or credit card in the mail.

The emotional toll this crime takes on its victims is also worth noting. The survey discovered that 35 percent of the child identity theft victims surveyed sought professional help in dealing with related stress, anxiety, anger or depression related to the theft; 68 percent said they are fearful it could happen to them again; and 65 percent are angry about the credit roadblocks they have faced. Furthermore, 10 years later, 1 out of 4 victims surveyed are still dealing with the issues and 81 percent of them remain concerned about their ability to get approved for credit in the future.

As illustrated in the survey, the effects of child identity theft can be long lasting and although this crime is not completely unpreventable, parents and legal guardians can take the necessary steps to minimize their children’s risks. For starters, many parents/legal guardians don’t realize that they might be unintentionally putting their child at risk of identity theft by carrying their Social Security card, giving out this number to entities that don’t legally need it (doctor’s office/hospital) and by not being proactive.

Interestingly enough, the survey revealed that when the parents discovered the child identity theft, their children were 14 years old on average, whereas if the child found out about the theft themselves, they were 19 years old on average. What parents don’t often realize is that they might be able to discover this theft even sooner, which could potentially save their children years of headache.  First, parents need to be on the lookout for signs of child identity theft, which include the following: protecting their Social Security number, monitoring their children’s personal information, social media and online activity, paying attention to privacy policies and teaching them about identity theft risks. Second, they might consider doing Experian’s free Child ID Scan, which is a one-time service for parents or guardians to check if an Experian credit report exists for their child. If you do find out that your children’s information has been compromised, we recommend contacting the Identity Theft Resource’s toll-free number at 888-400-5530 to speak to an experienced advisor who can inform you about the necessary steps to take to resolve the issue. You can also use their live chat feature on their website at: www.idtheftcenter.org

Taking small steps to protect your child’s identity can not only greatly reduce their risk of becoming a victim but it can also help them in the long run.

Experian proudly provides financial support to the Identity Theft Resource Center.


Contact the Identity Theft Resource Center for toll-free, no-cost assistance at (888) 400-5530. For on-the-go assistance, check out the free ID Theft Help App from ITRC.

Read next: The Harm in Hoaxes on Social Media