With Black Friday, Cyber Monday, and the holiday shopping season soon to be in full swing, cybercriminals are working overtime to turn your search for a deal into a score for the bad guys. Below, is an outline of a few perennial holiday shopping scams. It could be helpful to familiarize yourself with the warning signs around these hoaxes and some tips for avoiding them. Hopefully, these tips might help make your holidays memorable for the right reasons, not the wrong ones.
Phishing Scams: Fake Shipping Notifications, Phony Offers, and More
Phishing scams using fake emails are easy to create, cheap to send, and usually bear tons of fruit in the form of payment card information, account login credentials, and other sensitive pieces of data. Even seemingly innocent messages — like electronic greeting cards — can have malicious software (aka, malware) concealed within them.
Social engineers know that email inboxes will be flooded with order confirmations, shipping notifications, and special offers during this time of the year. They pattern their malicious messages after legitimate emails, which makes it easier to trick recipients. And they are not shy about using big-name brands and logos — like Apple, PayPal, FedEx, and others — to make things look more realistic.
Top Avoidance Tactic: Verify, Verify, Verify
Before you interact with a message, give it a good look and make sure everything seems on the up and up — and remember that it’s always better to err on the side of caution. Logos, ‘from’ addresses, and signatures are not proof of legitimacy; you must look deeper for confirmation.
Here are some questions to ask yourself about unsolicited emails:
- Do I know where this message came from?
- Does this message look like others I’ve gotten in the past, or is something off?
- Is this message confusing or does it make sense?
- When I hover over the ‘from’ address and web links, do I see addresses that make sense or does something look suspicious?
- Is this message asking me for personal information (like login credentials, credit card numbers, etc.)?
If you’re even a little unsure, close out of the email. Instead of clicking a link or downloading a file, visit a website by keying the address into your browser, and log into your accounts via secure channels to confirm offers and notifications.
Social Media: A Few Reminders
Many of us post where we are and what we are doing on Social Media. Remember, there are numerous tools that allow hackers to track social medial posts. Two tips:
- Post your trip and vacation pictures when you get back from your trip…posting while you are on your trip is an open invitation for thieves to burglarize your home.
- Turn on multifactor authentication. If you are using just a username and password, then this is the easiest way for a hacker to gain access your account. A secondary authentication method, such as a text message verification will help reduce the chances that your account will get compromised.
It’s Summer!! And many of us have kids or grandkids or other kids or somebody else’s kids and they are starting to get bored and spend a lot of time on video games or on social media. So this security update is dedicated to kid safety. Many thinks to our cyber division friends in several government agencies for helping with this.
So here’s a post that’s going to be very popular with parents, but might irritate some of the kids. As parents, guardians, and gatekeepers, it is our job to keep kids safe online, and the only way to do that is to monitor what they’re doing, and not allow them to download apps.
Here’s an analogy for you: when you teach your child to swim, do you just throw him/her in the deep end of the pool and shout, “Good luck, kid!” What about this - before your child gets a driver’s license, do you just hand over the keys, and go, “Here you go – figure it out!” No. You don’t. You provide swimming lessons. You teach them how to drive. So why get a kid a phone or a tablet and just hand it over, and let them figure it all out by themselves?
What lurks online is JUST AS DANGEROUS (if not worse) than the deep end of the pool, or being behind a wheel.
Here’s some texting apps kids are downloading, that predators know about and are using to reach out to your child:
- Whats App
- Nextplus (used to be Textplus)
DATING & ANONYMOUS APPS:
Yes, there are dating apps FOR CHILDREN out there, and apps that cater to those who wish to remain anonymous.
- Omgle – seriously, their ad says “talk to strangers!” and they assure you that they pick someone at random for you to talk to, and that you can remain anonymous.
- Yubo (used to be Yolo)
- Yik Yak
And the number one BULLYING APP is Sarahah. Seriously, an app FOR bullying. Not to report bullying, but to actually bully others.
LIVE STREAMING APPS:
These apps allow people right into your home – watching your kid via the mobile cam.
- PHOTO & VIDEO STREAMING APPS:
And last but not least,
Roblox, an innocent game, but unfortunately, the 8-year-old kid chatting with your son through this game is probably a 58-year-old unemployed guy named Horace who hasn’t showered in three days.
There’s absolutely no reason for your child to be on ANY of these apps.
As adults, we are the first line of defense between a child, and a stranger online. Every day someone is coming up with a new way to communicate online, so clearly, the only way to prevent your child from becoming a victim, is to be involved. Check the phone. Check the tablet. Don’t let your child have his or her own AppleID or iTunes account. Lock. It. DOWN!
Make sure you always have the password to all of their devices. If they complain they feel like a prisoner in their own home, let them know that’s a better scenario than being a prisoner in a stranger’s “secret room.”
We truly do care about your kids, and we know you do too.
Debit Card Lock
Many major banks (and definitely Stone Bank) can provide you the ability to lock your debit card. This prevents your debit card information from being used to make a purchase. For instance, if a thief in New York has your debit card information, he/she might try to make a charge via an internet site that doesn’t require a CCV or a PIN number……if you have the ability to lock your card, the hacker can’t make that charge. We recommend using a Bank (such as Stone Bank!) that gives you instant access to lock and unlock your debit card. We also recommend keeping the card locked unless you need it. At Stone Bank locking/unlocking is instantaneous so it is a great security feature. If you need help, let one of our Rock Star Bankers show you how!
Many of you have asked about the value of purchasing an identity monitoring software such as Lifelock or Identity Guard. The consumer advocate listed the top 10 Identity Theft programs and I’ve attached a link to that site if you are interested.
Additionally, here are a few things to consider:
- An identity theft program is especially good if you do a lot of transactions online or need to apply for or use credit fairly often. Those programs can cost between $10-$25 per month and will send you updates and alerts if someone is accessing your credit information. Most will also help in the recovery after you have been a victim of identity theft.
- A second option is consider a Credit Freeze: If you are not actively using/accessing your personal credit score (i.e. financing a mortgage, vehicle, etc.) then freezing your credit is one of the best ways to help increase the security and accessibility of that information. A credit freeze can be enabled at all the credit bureaus (TransUnion, Equifax, and Experian) and basically freezes all access to your credit information. The negatives to this are that you must unfreeze your credit if you decide you need a loan or a new credit based relationship. This normally takes about 15 minutes and can be done online. Access to freeze/unfreeze your account requires an online account with the credit bureau and a PIN (from 6-10 digits) that you set up when you freeze your account. So, if you don’t have the need for a lot of credit transactions, a credit freeze might be a good idea. The cost of a freeze varies but is normally $5 or less to freeze/unfreeze at each bureau. In my opinion, a credit freeze is a great option for children under the age of 18 (great for kids who have a SSN but won’t need credit for several years) and the elderly who no longer desire credit. The credit freeze does not allow access to the credit file by any new creditor unless the owner unfreezes the account. Some additional credit freeze information is below.
Credit Freeze Instructions
The easiest and fastest way to place a security freeze on your Equifax credit file is via our online process found at the following link.
If you choose, you may also request a security freeze by calling our automated line at 1-800-685-1111 (NY residents please call 1-800-349-9960) or submitted your request in writing to:
Equifax Security Freeze
P.O. Box 105788
Atlanta, Georgia 30348
Please be sure to include the following:
- Your complete name including any suffix (e.g. JR., Sr., etc)
- Complete address
- Social Security Number
- Date of Birth
- Payment (if applicable, please check security fees and requirements for your state). We accept checks, money orders, or a major credit card for the appropriate fees. For VISA, MasterCard, Discover or American Express payment, please include your name as it appears on the card, the card number and the expiration date.
- For your protection, please also send some proof of identification. See Acceptable Forms of Identification for Verification
Arkansas Security Freeze Process
Consumers may place a "security freeze" on their credit reports, which will prohibit us from releasing any information in their credit reports without their express authorization, except to those with whom the consumer has an existing account or a collection agency acting on behalf of the existing account, for purposes of reviewing (account maintenance, monitoring, credit line increases and account upgrades and enhancements) or collecting the account. Your information also may be used for the purposes of prescreening as provided for by the federal Fair Credit Reporting Act, even if a security freeze is on the report. A security freeze is designed to prevent credit, loans, and services from being approved in your name without your consent; however, using a security freeze may delay, interfere with, or prohibit the timely approval of any subsequent requests or applications regarding a new loan, credit, mortgage, insurance, government services or payments, rental housing, employment, investment, license, cellular phone, utilities, digital signature, Internet credit card transaction, or other services, including an extension of credit at point of sale.
The fee for placing a security freeze on a credit report is $5. If you are 65 years of age or older or a victim of identity theft and submit a valid investigative or incident report, complaint with a law enforcement agency or the Department of Motor Vehicles (DMV), the fee will be waived. To request a security freeze, log on to www.experian.com/freeze or send all of the requested information via certified, overnight or regular mail to Experian Security Freeze, P.O. Box 9554, Allen, TX 75013. Overnight mail should be submitted to Experian, 711 Experian Parkway, Allen, TX 75013. Include your full name, with middle initial and generation, such as JR, SR, II, III, etc.; Social Security number; date of birth (month, day and year); current address and previous addresses for the past two years. In addition, enclose one copy of a government issued identification card, such as a driver’s license, state ID card, etc., and one copy of a utility bill, bank or insurance statement, etc. Make sure that each copy is legible (enlarge if necessary), displays your name and current mailing address, and the date of issue (statement dates must be recent). We are unable to accept credit card statements, voided checks, lease agreements, magazine subscriptions or postal service forwarding orders as proof. To protect your personal identification information, Experian does not return correspondence sent to us. Copies of any documents should be sent, and you should always retain your original documents. Be sure to include the $5 fee, or a valid law enforcement report or complaint, or indicate that you are 65 years of age or older. We will send you a confirmation notice once the security freeze has been added, and you will be given a personal identification number (PIN) that will be required in order to remove the freeze temporarily (in order to apply for credit or for any transaction that requires that another party access your personal credit report) or permanently.
To request a security freeze by phone, call 1 866 923 8589 and provide all the requested information. If you do not qualify for the fee to be waived, you may provide your credit card information for the $5 fee. Requests with checks or money orders must be submitted by mail.
To temporarily remove a security freeze for a period of time in order to apply for credit or for any transaction that requires that another party access your personal credit report, log on to www.experian.com/freeze or call 1 888 EXPERIAN (1 888 397 3742), then enter your identification information and PIN. The fee for temporarily removing a security freeze is $5. There is no fee for consumers 65 years of age or older or for victims of identity theft who have provided a valid copy of an identity theft report filed with a law enforcement agency. To temporarily remove a security freeze for a specific party, provide your PIN to the party you wish to grant access to your report.
To permanently remove a security freeze, log on to www.experian.com/freeze or call 1 888 EXPERIAN (1 888 397 3742). You also may write to us and provide your identification information and PIN. If you write to us, always include your personal identification information and proof of your address as specified in this letter. The fee for permanently removing a security freeze is $5. There is no fee for consumers 65 years of age or older or for victims of identity theft who have provided a valid copy of an identity theft report filed with a law enforcement agency. Mail the requested information and payment to the address above.
If you move to a new address and wish to keep the security freeze on your file, submit your request in writing and include all of your personal identification information and proof of your new address as specified in this letter.
Acceptable forms of payment to place or remove a security freeze are credit card, check and money order. If you submit your credit card information by mail, be sure to include the name exactly as it is displayed on the card, the credit card type, the credit card number and the expiration date. Accepted credit cards are American Express, Diners Club, Discover, MasterCard and VISA.