Sheboygan Police

Fraud Topics

Click each item to learn more. Topics are listed in order of occurrence on WHBL. For general tips for staying safe from fraud, also see our Fraud Prevention page.

 

 

October is Cybersecurity Awareness Month (10/14/21)

What is it?

Cybersecurity is the art and science of protecting networks, devices, and data from unauthorized access or criminal use and the practice of ensuring confidentiality, integrity, and availability of information. Cybersecurity is making sure that your online presence, your smart devices, your information in cyber space stays safe and out of the hands of the wrong people.

What are the potential threats?

  • Phishing: Phishing attacks use emails and malicious websites that appear to be trusted organizations, such as charity organizations or online stores, to obtain user personal information.
  • Malware: A computer can be damaged or the information it contains harmed by malicious code (also known as malware). A malicious program can be a virus, a worm, or a Trojan horse. Hackers, intruders, and attackers, all of whom are in it to make money off these software flaws.
  • Identity Theft and Scams: Identity theft and scams are crimes of opportunity, and even those who never use computers can be victims. There are several ways criminals can access your information, including stealing your wallet, overhearing your phone call, dumpster diving (looking in your trash) or picking up a receipt that contains your account number.

What can I do to lower my risk?

  • Use and maintain anti-virus software and a firewall: Use an antivirus program and a firewall to protect your computer from viruses and Trojan horses that could steal or modify your data. When software notifies you of an update, called a patch, be sure to update as soon as possible to prevent hackers from exploiting known issues or vulnerabilities. Also, set-up an automatic, regular spyware scanning routine to catch vulnerabilities.
  • Establish computer usage guidelines: Help children understand how to use the computer, other connected devices, and the internet safely. Have candid, age appropriate conversations with younger users to help them understand the do’s and don’ts of cybersecurity. These conversations can protect your data by setting clear boundaries and guidelines.
  • Double check email attachments: An email that looks as if it came from someone you know doesn’t necessarily mean it did. It is possible for viruses to alter the return address so that it looks like the message came from someone other than the sender. Before opening any attachments, verify that the message is legitimate by contacting the person who sent it. Use caution even from people you know, be wary of unsolicited attachments.
  • Trust your instincts: As the old saying goes, “if it is too good to be true, it probably is.” Some antivirus software might not have the latest virus protections because attackers are constantly releasing new viruses. However, always be sure to scan documents and attachments with antivirus software before opening them. Do not open suspicious emails or attachments and turn off automatically downloading attachments. But always remember: technology can only help so much, so trust your instincts!

For more information, click HERE to review the Tip Sheets on CISA.gov.

Click here to go back to the top of the page.

Scam Review and the “Devious Licks” TikTok Challenge (09/23/21)

Let’s review the most common types of scams seen in the Sheboygan area:

Romance scam – criminals pose as interested romantic partners on social media or dating websites in order to gain your trust and extract money from you

Imposter scam – criminals pose as a relative (usually a child or grandchild) claiming to be in immediate financial need, or as a government agency or utility company demanding money

Tech support scam – criminals pose as technology support representatives and offer to fix non-existent computer issues

Lottery/Sweepstakes or Charity scam – criminals claim you’ve won a foreign lottery or sweepstakes, which you can collect for a “fee”, or the scammer claims to work for a charitable organization

To protect yourself, remember these tips:

  1. Stop communications with the suspected scammer immediately
  2. Don’t be pressured to act quickly; take time to verify the story
  3. Never wire money, or provide gift card numbers, to unknown or unverified people or businesses
  4. Do not click on links in unsolicited emails or text messages
  5. Remember the adage, “If it sounds too good to be true, it is.”

What is the “Devious Licks” challenge on TikTok?  It’s a social media-driven “challenge” that encourages kids to steal or damage school property, then anonymously share a video with the hashtag on the TikTok platform.  The most common acts include stealing soap dispensers and damaging toilets or sinks.

Why are teens participating?  It’s a combination of biology and sociology, affected by teens’ brain development and the dopamine rush from “likes, comments, and views”, along with a teen’s need for belonging.

What can you do as a parent?

  • Help kids understand their digital reputation
  • Discuss the consequences of illegal or risky behavior

Develop a positive relationship with your child with open lines of communication

Click here to go back to the top of the page.

Keeping Your Cell Phone Secure and Other Fraud Updates (09/09/21)

Hackers and criminals have recently begun to rely more on “zero-click” exploits to breach phone data.  These attacks are typically very highly targeted in nature, and deploy far more sophisticated tactics than mass cyber-attacks that we see and know of on a daily basis.  Typical cyber-attacks rely on the potential victim being tricked into clicking a malicious URL, or downloading an attachment that contain macros with embedded malware.  In a “zero-click” attack, malicious software is usually added to the root file system which makes it more difficult to detect and trace.  However, these “in-memory” payloads generally cannot survive a phone re-boot – therefore, people should power cycle their phones at least once a week to help prevent against this form of cyber-attack.

Cell phones are also vulnerable to “SIM swaps”, which allow a criminal to essentially take-over your phone service.  To guard against this, you should first make your PIN code for your cell phone billing account hard to guess.  Next, set-up account protection with your carrier.  It’s referred to by different names: “port freeze”, “account takeover protection”, “account lock”.

There are two additional sources of fraud you should be aware of: using electronic payments apps and fitness club thefts.  If you choose to use an electronic payment app like Venmo or Cash App, you should understand that you do not have the same consumer protections as using a credit card.  To reduce the risk, set-up a separate bank account to fund your payments and only keep enough money in the account to cover the transactions.  Also, only send money to family or close friends.

Finally, be aware that there has been an increase in thefts from fitness clubs, including lockers and vehicles.  To avoid being a victim, don’t bring valuables when you work out.  If you must, leave them in your LOCKED car, out of sight.

Click here to go back to the top of the page.

T-Mobile Data Breach and Investment Account Fraud (08/19/21)

I’m a T-Mobile customer – what should I know about the recent data breach?

Not all data breaches are created equal – the most recent T-Mobile breach, estimated to affect 50-100 million individuals, deserves your attention if you’re a T-Mobile subscriber.  A lot of the information obtained from the hack is likely already widely available online, but the blend of data is what’s concerning.  The combination of names, phone numbers, and carrier data makes it much easier for scammers to employ “phishing” methods designed to convince someone to click on a malicious link that advertises, for example, deals or offers for customers.  And having all that information in a single data base makes it easier for criminals to commit identity theft.  Additionally, having access to your phone’s IMEI (International Mobile Equipment Identity) number could allow a criminal to perform a SIM-swap, thus taking over your account.  This would allow the criminal to gain access to two-factor authentication codes and compromise the security of your passwords and accounts.

What to do:

  1. Change your T-Mobile account password and PIN
  2. Sign-up for a credit freeze (click HERE for more info)
  3. Consider using an authenticator app

Possibly the biggest financial fraud theft you’ve never heard about

Criminals are increasingly adapting to exploit technology to steal your money.  Instead of robbing banks, criminals are hacking into your accounts through social engineering, since there’s less chance of getting caught and typically the consequences are lower if caught.

It’s not just your checking or savings account that they are after – it’s your retirement and investment accounts.  It is estimated that only 10% of money in the U.S. is in banks – the rest is in 401Ks, IRAs, and other investment accounts.  And Congress has never passed protections for consumers on hacks against investment accounts.  Unlike banks and credit cards, investment accounts have little-to-no regulatory protection from fraud losses.  Even though some companies have policies that provide consumer protection against fraud, there are often many hoops to jump through.  You are the first line of defense!

What to do:

  1. Set up two-factor authentication on your retirement and investment accounts.  While not foolproof, this tactic offers strong protection.  Just remember to never give someone your authentication code.
  2. Implement a STRONG password – most people hate dealing with passwords, but the stronger and more unique the password is, the more secure your account.  Instead of a common word or random letters and numbers, use a passphrase of at least five or six random words, and consider using a password manager program.
  3. Review your account balances and activity regularly, once a week, and immediately report unauthorized activity.  The sooner you identify and report fraud or suspicious activity, the better chance of getting your funds restored.

Click here to go back to the top of the page.

Home Delivery Scam and “Social Media: The Weakest Link” (07/15/21)

One of the more prevalent scams currently being employed by criminals is referred to as the home delivery scam.  Typically, you receive a text message appearing to be from a well-known package delivery service (UPS, FedEx, etc).  The message advises that the delivery service attempted to deliver a package to you, but no one was home to receive it and a re-delivery needs to be scheduled.  The message contains a link to a realistic-looking web site, where they ask you to pay a modest fee (a clue that it’s a scam), typically a few dollars, for re-delivery.  The scammers then ask you to enter your personal information (another clue it’s a scam) and payment information.  Sometimes, the scammers will go so far as to ask for additional info (“protecting you from fraud”) such as your date of birth and/or mother’s maiden name.

To avoid being the victim of this scam:

  1. Check all URL’s carefully – bookmark legitimate sites in advance.
  2. Steer clear of links in messages and emails – go directly to the company’s web site to conduct business.
  3. Review your bank and card statements – don’t just look for payments that shouldn’t be there, but also keep an eye out for expected payments that don’t go through; also, be alert for incoming funds you weren’t expecting, given that you could be responsible for any funds that passes through your hands, even if you neither asked for it nor expected it.
  4. When it comes to personal information, when in doubt DON’T give it out.

Data hacks are everywhere right now – attacking us as individuals, attacking businesses, government agencies, hospitals, and public utilities.  How are hackers gaining access to these systems?  Often by looking for the weakest link, which many times is the employee’s social media account (Facebook, Linkedin, Twitter).

A recent article in the WSJ noted that a hacker can find everything they need to break-in to your life within 30 minutes of scanning your social media posts.  Hackers employ “automation” to scan your posts quickly.

Sometimes we feel helpless against this kind of intrusion – the key to prevention is privacy.  During the pandemic, many people turned to social media to connect with one another and posted a lot of personal information.  It’s time to get back to more secured profiles.

Things not to do on social media:

  1. Do not post private information for public viewing, such as travel plans, personal interests, details about family members, birthdays, and pet names.  These are often the answers to our “security questions” on the sites we visit.  Make sure your profile is set to only be viewed by trusted friends and family.
  2. Be careful when responding to “friend” or “follow” requests – pages can be counterfeited.
  3. Use a separate email just for social media sites.

Click here to go back to the top of the page.

Cryptocurrency Primer (06/24/21)

Lately, there have been a lot of stories in the news about cryptocurrencies like Bitcoin.  Hackers have demanded payment in Bitcoin for ransomware attacks, and other scammers have used Bitcoin investment schemes to defraud unsuspecting victims.  Also, the value of Bitcoin has dropped dramatically over the past month.  So, what is Bitcoin and how does it work?

Bitcoin was the first and is arguably the most popular form of cryptocurrency.  There are currently over 1,600 available cryptocurrencies.  In simplest terms, a cryptocurrency is a form of digital currency.  Unlike traditional money, cryptocurrencies are decentralized, meaning no single entity is in charge of it.  Cryptocurrency transactions rely on something called a blockchain, which is a shared database that is managed by a global network of computers.  When you engage in a transaction using cryptocurrencies, these networks validate and transmit that entry in the blockchain.   For example, when you send some Bitcoin to your friend, you’re creating and publishing an entry into the Bitcoin network.  The computers in the Bitcoin network will check to make sure that you haven’t already sent the data representing the cryptocurrency to another person previously.  When you send the Bitcoins, the receiver’s account is credited and your account is debited.

Each person using the network has a crypto address, similar to an account number.  This identifies where to debit and credit the cryptocurrency from and to.  One misconception about cryptocurrency transactions is that they are anonymous.  While some cryptocurrencies prioritize privacy, most mainstream cryptocurrencies like Bitcoin publish transactions on a public blockchain.  This means that anyone with computer access can view the transactions, including the address of the sender and receiver, date and time, and the amount of the transaction.  What is generally not publicly available is the identity of the person behind the crypto address.  One person could hold multiple addresses, and in theory, there would be nothing to link those addresses together, or to indicate that the person owned them.  This is one way criminals exploit the cryptocurrency market to facilitate crimes.

While most people don’t currently use cryptocurrencies for purchases or investments it is important to know that criminals are increasingly employing this payment method in financial crimes and scams.  According to the FTC, consumers reported more than $80 million in cryptocurrency-investment scam losses during the past 6 months.  That represents a 10-fold jump from the same period last year.  Many victims thought they were in a long-distance relationship when their love interest started talking about a new crypto opportunity they had invested in.  About 20 percent of the money people reported losing in romance scams in general was sent in cryptocurrency.  For more information about cryptocurrency and scams, click HERE.

Similar to wire transfers, gift card payments, and sending cash in the mail, cryptocurrency transactions generally cannot be undone.  And the pseudo-anonymous nature of cryptocurrencies makes it difficult for law enforcement to identify the people behind the transactions.  At least currently, most legitimate businesses and government entities will never ask you to pay using a cryptocurrency.  And many so-called “investment” opportunities are fraudulent as well.  The bottom line is, if you receive an email, call, or text from a business, love interest, or anyone else who insists on dealing in cryptocurrency, you can bet it’s a scam.

Click here to go back to the top of the page.

Recent Local Scams and Summer Travel Safety Tips (06/10/21)

Here are two additional scams that have been reported in the Sheboygan area, as well as some summer travel safety tips.

Social Security Assistance

Recently, a local service organization reported that they received a call from someone purporting to be a Social Security Administration (SSA) “Public Affairs Specialist” and offers to provide financial assistance for that organization’s clients.  The caller attempted to obtain personal identifying information of the organization’s clients, including Social Security numbers and other personal information.  The caller ID displayed a number, which through investigation was later found to be an old SSA number, no longer in service.  Fortunately, the call recipient knew it was a scam and did not provide any of the requested information.  Remember, never provide personal identifying information over the phone when the call was unsolicited, and don’t trust caller ID.

‘Pay to Drive’ Checks

In this scam, the victim receives what appears to be a cashier’s check and a letter in the mail, often unsolicited, instructing the victim to deposit the check and keep a small portion for themselves.  The balance, the letter says, will be forwarded to a third party for payment of services.  The check will probably initially clear the bank, but within a short time will be identified as fraudulent, and you’ll be on the hook for the money.  Any time someone asks you to deposit a check, then send part of the proceeds to a third party, don’t do it – it’s a scam!  To see actual images of these types of checks and the letter that accompanies them, visit our website HERE.

Legitimate Check from FTC

Despite all the fraudulent checks, there are actual legitimate checks that are currently circulating.  One such example involves refunds from the FTC for people who paid for certain debt relief services.  These checks will include an explanation and details about the case, and can be looked up on their website.  Also, an example of a legitimate check and letter can be found on our website, HERE.  Remember, the FTC will never require you to pay upfront fees or asks for your personal identifying information, like SSN or bank account information.

Summer Travel Safety

When you’re on vacation this summer, don’t take a vacation from keeping you and your money safe.  Here are a few tips to help prevent fraud:

  • when booking travel, stick to name brand travel sites or book directly with the airline, hotel, or car rental; avoid unsolicited email deals
  • consider a mail hold – visit www.usps.com/manage/hold-mail.htm for details
  • use a credit card, not cash or debit card, for added fraud/theft protection; make sure your bank or credit card company has your current email/phone to notify you in case of fraud
  • lock your smart phone or tablet (with biometrics or six-digit code), turn off automatic connection to Wi-Fi, use only cellular data or private, password-protected Wi-Fi, and avoid unsecured public Wi-Fi; consider using a VPN client
  • watch out for data skimmers at public charging stations; bring your own portable charger

Click here to go back to the top of the page.

Local Case Studies (05/13/21)

Recent scams, warning signs, and prevention strategies were discussed on air. Two recent scams included:

Amazon unauthorized charge (current phone scam)

  • Victim noticed an “unauthorized” charge while reviewing account activity online. She searched the internet for an Amazon customer service number and unknowingly called a number not belonging to Amazon.
  • The scammer claimed there was another charge on her account in the amount of $10,000 and subsequently convinced her to allow him remote access to her computer. He claimed he was transferring her to a “financial manager” at her bank, who told her they needed to withdraw $10,000 from her account so the original charge “bounces.”
  • Victim was instructed to purchase gift cards at local stores, $500 each (“should be able to buy $6,500”). She was told “act calm and smile” and if questioned by store employees to say the gift cards are for a birthday party. She bought $3,000 (six cards) at the first store and gave the codes to the scammer who was on the line the entire time.
  • Victim went to a second store and was going to buy four $500 cards. She was told by staff she could only buy one, due to scams, and gave that code to scammer. She then went to a third store to buy six $500 gift cards. The cashier prevented the sale and told her to call police.

Bank smishing (phishing via text message) scam

  • Victim received what appeared to be a legitimate text from her bank asking to confirm possible fraudulent charge in Las Vegas. The victim then received a phone call advising of an ATM withdrawal in Las Vegas.
  • The scammer told the victim that he would cancel the victim’s card, issue a new one, and also disable online banking. The victim provided a PIN that was texted to her.
  • At some point, the victim felt that this was suspicious, called the bank directly, and realized it was a scam but not before $400 was transferred electronically via a direct pay service (sent to email address). Providing the PIN to the scammers compromised her account, which needed that two-factor authentication code to get into it.

Visit our Real Life Fraud Examples page to see various examples of real life fraudulent checks, currencies, and letters. These examples highlight common warning signs and elements to watch out for when considering whether something is fraudulent or a scam.

Click here to go back to the top of the page.

Elder Financial Exploitation (04/29/21)

The financial exploitation of older adults is often referred to as a form of elder abuse.  In Wisconsin, elder abuse is defined under WI Statute §46.90 – the law applies to persons age 60 or older who are subject to any of the following four categories: abuse (physical, sexual, emotional), neglect, self-neglect, and financial exploitation.

Each state defines financial exploitation a little differently, but in general it refers to the illegal or improper use of an elder’s funds, property, or assets.  Some examples include: (1) taking money or property, (2) forging an elder’s signature, (3) using their property without permission, and (4) using scams or deceptive acts for financial gain.

Unfortunately, these cases are often not reported.  There are several reasons why, but one of the biggest factors is that the victim is often scared or embarrassed to make a report because of their relationship with the offender.  Statistics show that over 85% of perpetrators are family members, most often the elder’s child.  Other trusted abusers can include: friends/neighbors, affinity groups (religious and cultural group leaders), health care providers, service providers, and other professionals.  Elders are also frequently exploited by strangers.

Why are elders targeted?  Generally, people in this demographic have established assets.  They may also be isolated and lonely, or unfamiliar with financial matters.  As noted above, elders often are reluctant to report financial abuse, and might have disabilities that make them dependent on others for help.  It is estimated that over 5 million Americans over age 65 suffer from dementia.

Financial abuse often leads to other forms of abuse.  Consequences of elder abuse include: declines in mental and physical health, higher risk of dementia, and increased financial loss.  The National Council on Aging estimates that the cost of elder financial abuse exceeds $36 billion annually.  Elder abuse victims are also estimated to be at 300% higher risk of death.

Whether you are a family member or a professional working with an elder, there are possible warning signs to be aware of that someone may be trying to exploit them financially:

  • large withdrawals of cash, or checks written to “Cash”
  • suspicious new accounts opened
  • signature on checks looks different than before
  • unpaid bills despite adequate income
  • someone new enters the pictures and starts to isolate the elder from family and friends
  • Elder suddenly becomes defensive about finances

If you live in Sheboygan County and suspect than an elder you know may be the victim of financial exploitation, you can make a report to your local law enforcement agency or contact the Aging and Disability Resource Center at (920) 467-4100.

Protecting vulnerable adults from financial exploitation is everyone’s business.  These people are our family, friends, and neighbors.  Education and training about these issues leads to awareness and prevention.

Click here to go back to the top of the page.

Robocall Update and the Recent Facebook Data Breach (04/15/21)

There is some good news when it comes to preventing fraudulent robocalls and it should be happening soon. The Federal Communications Commission (FCC) has established a deadline of June 30, 2021 for the implementation of the STIR/SHAKEN framework for calls carried over Internet Protocol (IP) networks. As a sign how serious they are, the FCC recently denied two major cell phone carriers’ petitions for extension of the deadline.  STIR and SHAKEN are acronyms for the specific protocols and standards involved in this technology – STIR refers to the Secure Telephone Identity Revisited standard and SHAKEN refers to Signature-based Handling of Asserted Information Using toKENS.  In simplest terms, this technology authenticates the Caller ID of the person using the network.  Most major carriers began implementing this program at the end of 2020.

What does this mean for you?  This framework is designed to prevent spoofed Caller ID’s and theoretically guarantees the Caller ID displayed on phones can be trusted.  The system will still allow certain “robocalls” signed and authenticated by the carrier, such as school closing information, reverse 911, and other community notifications.  This technology, combined with other proposed legislation such as the TRACED (Telephone Robocall Abuse Criminal Enforcement and Deterrence) Act, should reduce or eliminate most fraudulent robocalls.

Another day, another data breach.  Recently, it has been reported that Facebook experienced a data breach involving an estimated half a billion people world-wide; an estimated 30-40 million Americans were reportedly affected, but no one really knows for sure how many.  The data breach occurred sometime before August 2019 and the data has recently been made available in public online database.

Don’t know about it?  That’s because Facebook chose not to notify individual users, claiming the vulnerability that allowed hackers to get the data has been fixed, and there’s nothing the user could do to fix it.  What information did the hackers get?  These thieves were able to access full names, phone numbers, location data, email addresses, and other biographical data.

So, what have the hackers done with all that info?  They’ve sold it.  Criminals, and others, can easily buy your information to engage in a variety of fraudulent activities – the low hanging fruit is to apply for credit as you.  As we’ve discussed before, your best protection against this form of identity theft is a credit freeze.  Information about credit freezes can be found on the Sheboygan Police Department website, or by clicking HERE.  If you are a FB user and have not frozen your credit, you are opening up yourself to having to deal with a multi-year mess of potential ID theft.

If you want to check to see if your email or phone number has been involved in a data breach, visit www.haveibeenpwned.com.

Click here to go back to the top of the page.

Grandparent Scam / ID Theft and the Importance of Credit Monitoring (03/25/21)

The “grandparent scam” is a version of an imposter scam, when the criminal poses as a grandchild asking for money.  Often, the criminal will use personal information gleaned from social media accounts and other publicly available resources to make the contact more believable.  Typically, the caller claims to need money for bail or some other legal matter, claiming that the matter is “urgent”.  Recently, a local woman was contacted by someone purporting to be her granddaughter (by name) and said that she was in legal trouble and needed money.  The imposter convinced the victim to send $10,000 cash via UPS to an out-of-state address.  An investigation revealed that the delivery address was a vacant house which was listed for sale, and the cell phone number used by the criminal was registered out of Canada, making obtaining subscriber information difficult.

So, what can you do to protect yourself?  First, if you receive one of these calls, don’t panic.  Take the time to check out the story by contacting the grandchild or other family member.  When possible, use internet search engines to look up addresses and/or phone numbers to verify their authenticity.  Whatever you do, never, never, not ever send cash through the mail.  Perhaps most importantly, if you have older parents or grandparents, share this information with them.  Instruct them to contact you or a family member if they receive a similar phone call or email, especially before sending any money.

Identity theft continues to be a leading cause of financial fraud in our community.  The Sheboygan PD recently investigated two cases of identity theft – one involving using a person’s personal information to fraudulently open a credit card account; the other using a person’s personal information to establish utility services in another state.  In both cases, the victims did not suffer an actual loss, but are having to dispute charges and repair their credit files.  Since payments were not being made on the fraudulent accounts, the unpaid balances were sent to collection agencies, thus adversely affecting the victims’ credit scores.

These cases reinforce the importance of credit freezes and regular credit monitoring.  Viewing your credit reports is free through the website www.annualcreditreport.com.  In the past, you were entitled to one report from each bureau (Trans Union, Equifax, and Experian) per year; however, under new COVID provisions, you are allowed to view a copy of your report from each bureau once per week, recently extended through April 2022.  By regularly viewing your credit report, you can become aware of potentially fraudulent activity sooner than later, making it easier to correct.

The single best protection against identity theft continues to be a credit freeze.  A credit freeze prevents criminals from opening lines of credit in your name and does not affect currently established credit.  For more information about credit freezes and how they work, click HERE.

Other services like Credit Karma (www.creditkarma.com) provide additional credit monitoring for free.  You can monitor your credit score for changes and get notifications about activity on your credit file (through Trans Union and Equifax).  If you’ve already frozen your credit, you will need to temporarily thaw it to establish Credit Karma account.  If you haven’t yet, but intend to freeze your credit, set up a Credit Karma account (if you wish) first.

Click here to go back to the top of the page.

Kroger Data Breach and Tips for Filing Your Taxes Safely (03/11/21)

Kroger (Pick ‘n Save and Copps) recently became one of the latest companies to experience a data breach of customer information.  Kroger was one of several companies using a company called Accellion to provide third-party data file transfer services (a simple way to share large files).  Due to its age, hackers were able to exploit a vulnerability in the file transfer software to access the sensitive customer data.  Kroger says that no credit or debit card data was stolen, but reported that the attack affected their money service (money orders, bill pay, check cashing) and pharmacy records, including personal data.  Kroger believes that approx. 2% of customers have been impacted.

This is another example of a “supply chain attack” – supply chain attacks involve using an outside partner or provider to access an organization’s systems or data.  So, what can you do to protect yourself against these types of threats?  The best defense remains implementing a credit freeze with the three credit reporting bureaus (Trans Union, Experian, and Equifax).  Remember, credit freezes prevent any new credit from being taken out without your knowledge, and do not affect current credit accounts.  Credit freezes are fairly easy to set-up and temporarily “thaw”, if needed.  Click HERE for more information about credit freezes.

Spring is upon us and that means that it’s tax season.  Last year, between 20 and 30% of Americans reported losing money to fraud, with many involving tax scams.  And not all losses are a result of a scam – some involve dishonest tax preparers.  Remember, when it comes to your tax return, you are ultimately responsible for all the information on your return, no matter who prepares it.  It is important to choose a tax preparer wisely: (1) check their qualifications, (2) review your return before the tax preparer signs and submits it, and (3) never sign a blank return.

Tax payers should also be wary of W2 phishing scams.  These scams involve criminals posing as someone high up in a company or organization.  The scammers send what may appear to be legitimate emails asking for copies of your W2 forms.  NEVER send this type of information without verifying the legitimacy of the request.

In addition, criminals employ IRS phishing scams to obtain money from victims.  Typically, the recipient with receive an “urgent” email or text claiming to be from the IRS.  The message usually involves instructions to click on a link and/or fill out a form.  Some tactics that criminals use include: IRS needs to update your online profile, you qualify for a refund, your credit card was fraudulently used, or you’re due a large sum of money.  To identify these scams, look for generic greetings, poor grammar or typos, or conflicting web addresses.  Like other phishing scams, NEVER click on links, download files, or reply – the IRS will never initiate contact via email, text, or social media.

Click here to go back to the top of the page.

Payment Apps and Car Infotainment Systems (02/25/21)

Payments apps like Venmo, Cash App, and Zelle offer convenient ways to send and receive money. According to a recent study, about 80% of U.S. adults use mobile payment apps. Unfortunately, many people assume that payment apps offer protections similar to those of credit or debit cards, but that’s not the case. Generally, transactions cannot be reversed if there’s a problem or if you change your mind, even if your account is linked to a credit card. In addition, some financial institutions are activating Zelle without customers’ knowledge, which could be an issue if your banking credentials are compromised and criminal gets access to your account.

If you decide to use a payment app, consider setting up a separate bank account for that purpose, and only put in money needed to fund those transactions. If you don’t, and have linked your savings account to your checking or payment account, the scammer may get access to those funds as well, through automatic overdraft protection, or compromised credentials. It is generally recommended that you never use these apps to send money to strangers – only use them with family, friends, or trusted sources.

Many newer cars on the road today offer a great deal of technology and connectivity. People often forget that these cars are really computers on wheels and present a variety security and privacy concerns. Today’s technology allows you to connect your smartphone to your vehicle to have easy access to your contacts, messages, photos, navigation services, and internet connection. Manufacturers generally refer to these systems as “infotainment systems” – they offer convenience, but at a price.

When you plug-in your smartphone, the system may collect a wide variety of personal information: home address, wi-fi passwords, contacts, emails, texts, and photos. In addition, if your car’s computer has been infected by malware, you could download that onto your phone, further compromising its contents. This is particularly relevant when using a rental car – because you don’t know who used the car before you, you take a big risk connecting your phone to that vehicle.

To limit your vulnerability when renting a vehicle, avoid connecting your phone at all. If you do decide to connect it, perform a “factory reset” of the infotainment system when turning-in the vehicle to hopefully erase your data. Remember, if you just need to charge your phone, use a cigarette lighter charger, not the USB port. When selling or trading-in your car, perform a “factory reset” on system as well. To ensure a full reset, ask the dealer to wipe the hard drive.

Click here to go back to the top of the page.

Four More Recent Local Case Studies (02/11/21)

Variations of different scams continue to affect people in our community.  By explaining what these scams look like and educating the public about the red flags to look for, we hope to prevent others from becoming victims.

Military “Romance Scam”

Romance scams are extremely prevalent and account for highest financial loss of all internet-facilitated crimes.  The Internet Crime Complaint Center (IC3) says it received over 15,000 romance scam complaints last year, with losses exceeding $230 million.  The FBI puts the true number higher as they estimate only 15% of these crimes are reported to law enforcement.

In this scam, the scammer usually originates contact with the target on legitimate dating sites or social media apps.  The scammer identifies themselves as a “soldier” serving oversees and says they need money.  Here are some red flags to look for:

  • all contact is online; no phone or video
  • scammer alleges “lack of support” by military, or requests money for basic needs (transportation costs, communication fees, medical expenses)
  • obvious grammatical errors, or pledges their love at warp speed
  • deployed soldiers do not find large sums of money and do not need your help to get that money out of the country

Car Rental Scam

This scam reinforces the importance of verifying what web sites you are visiting and limiting your business to known, legitimate companies.  In this case, the victim used an online search to locate discounted car rental deals.  She clicked on a link which took her to what appeared to be a well-known car rental company, but in fact was an imposter site.  Sometimes the scammer also employs a fraudulent phone number to facilitate contact.  The scammer ultimately tries to get the target to pay for the rental using pre-paid value cards.  Red flags to watch for include:

  • prices too good to be true
  • offer requires payment other than a credit card
  • always take the time to verify the web address, or search the phone number online for reports of fraud

Apartment for Rent

This scam has been around for a while and is very effective.  The scammer lists a vacant home or home for sale on a legitimate website (Craigslist, Apartments.com), advertising it “for rent”.  When people respond to the fraudulent ad, they are pressured to quickly submit a security deposit, typically being told the apartment is in “high demand”.  The scammer requires payment via wire transfer, electronic payment (Zelle, Venmo), or pre-paid cards.  Look for the following red flags:

  • renter claims to be out of town / cannot show apartment
  • renter says they will FedEx keys
  • renter wants you to move in “right away” or does not complete any screening process

Before sending money or signing any documents, identify the owner of the property and request to meet in person – be sure to visit the property in person.

Counterfeit Money

Counterfeit bills of various denominations have been circulating in Sheboygan.  When accepting cash, particularly denominations of $50 or $100, carefully scrutinize the bill:

  • Does it say “For Motion Picture Purposes” or “Copy”?
  • Carefully review the layout for signs of altering (uneven spacing, blurry letters, odd markings).
  • Do any of the bills have identical or sequential serial numbers?
  • Do not rely solely on “counterfeit detection pens” – they aren’t fool-proof and are not sanctioned by the U.S. Treasury.

When in doubt, do not accept the bill.  With advances in technology, counterfeiters are becoming more sophisticated in creating bills that appear genuine.

Click here to go back to the top of the page.

Marketplace Scams and Social Engineering Refresher (01/28/21)

Online scams are prevalent and rely on empty promises and the anonymity of the internet to be successful.  Two current scams utilize online marketplaces to separate people from their money.

$99 Windshield Repair (Facebook)

Scammers use fake/hijacked profiles to advertise $99 windshield repair, occasionally referencing know local businesses.  Scammers utilize Facebook Messenger to initiate communication, then persuade the target to call a Google Voice or similar phone number to continue transaction – the goal is to get target to pre-pay for repair, which doesn’t really exist.  A brief review of the associated Facebook accounts reveal that they are clearly not related to windshield repair.

Puppy Scam

This scam exploits subjects looking to purchase a puppy online, typically a unique breed, suggesting a higher purchase price.  The target responds to an ad on Craigslist or Facebook, with the “seller” requesting 50% down.  The “seller” may subsequently also request additional money for “issues” with the dog’s crate, vaccinations, etc., with the objective being to get the target to wire as much money as possible.  There is never actually any puppy for sale.

With both of these scams, remember – don’t pay upfront for a promise and consider how you pay.  Avoid wire transfers, mobile payments like Venmo and Zelle, and pre-paid value cards.

In addition, it is important to always keep in mind the pervasiveness and effectiveness of social engineering scams.  This time of year, IRS scams are very common.  COVID vaccination scams also continue to be prevalent.  These types of scams rely on “social engineering” to be successful.  Remember, social engineering tactics involve creating a situation in which the victim provides information of value to the scammer, under perceived pressure or duress.  They are design to exploit human behavior and tap into emotions that would cause the victim to disregard their better judgment.

To avoid falling victim to these types of scams, remember the 4 P’s:

  1. The scammer PRETENDS to be a person, or from an organization, you know.
  2. The scammer says there’s a PROBLEM or a PRIZE.
  3. The scammer PRESSURES you to act immediately.
  4. The scammer tells you to PAY in a specific way.

Click here to go back to the top of the page.

Recent Local Case Studies (01/14/21)

The following is a description of recent scams reported to the Sheboygan Police Department.

“You’ve Won” Lottery Scam

In this scam, the target receives a phone call stating “you’ve won” some type of lottery or cash prize.  All you have to do, they say, is send money to cover fees associated with the prize (taxes, processing fees).  The target is instructed to pay these fees via wire transfer or by using pre-paid cards.  This is ALWAYS a scam – you should never have to pay to win a prize.  In this case, further indications of fraud included that the target never entered a lottery or sweepstakes, and when checking the address provided by the scammer, the address was found not to exist.

Imposter Scam

There are many variations of this type of fraud.  In this case, the victim received phone calls from persons purporting to be from the FBI and DEA, using the names of actual prominent agency officials.  The callers alleged the victim’s involvement in violations of federal law and drug trafficking, and threatened arrest or imprisonment.  The victim was told not to tell anyone, and the caller aggressively demanded payment of thousands of dollars in wire transfers and/or pre-paid cards.  In some cases, the scammers will also ask for personal information like DOB or social security number.

Unfortunately, the victim initially purchased $5,000 in Nike pre-paid cards, then was convinced to withdraw a cashier’s check for almost $110,000 from her bank account.  The victim’s request was initially denied at her primary bank, but she went to a different branch that processed transaction.  The victim then deposited the cashier’s check at a different local bank belonging to the scammer’s accomplice in California.  The money was promptly transferred out of that account and made its way out of the country.

This case illustrates the importance of “front line” awareness and prevention efforts.  If you work in an industry that is involved in perpetuating these scams (banks, investment firms, grocery stores), please educate yourself about the indicators of these scams and be aware of suspicious activity.  Take the time to talk with your customers to determine legitimacy of the transaction.  Remember that often, victim’s will be scared and will have been told not to tell anyone.

Click here to go back to the top of the page.

Supply Chain Attacks and COVID Vaccination Scams (12/17/20)

Recently, the Solar Winds “cyber-attack” has been making the news.  So, what’s the big deal?  To begin with, SolarWinds is a software vendor that helps government agencies and Fortune 500 companies monitor the health of their IT networks.  More than 425 of the Fortune 500 companies utilize their services.  In addition, all five branches of the military and hundreds of universities and colleges are also customers of Solar Winds.  The recent hack could potentially affect any number of the more than 300,000 companies they service worldwide.

During this attack, hackers used a “supply chain attack” to infiltrate an unknown number of organizations.  What is a supply chain attack?  These attacks involve using an outside partner or provider to access an organization’s systems or data.  Locally, the Sheboygan Police Department continues to receive reports of compromised email and/or billing systems.  The scammers utilize vulnerabilities in these systems to introduce malware and/or attempt to get their victims to change or bypass traditional payment methods to obtain money by using hacked data (invoices, emails, bank info).

To avoid being victimized:

  • never get pressured into circumventing policies and procedures for an alleged “emergency”
  • verify anomalies or exceptions with supervisors or customers directly
  • report suspicious contact to IT department; consider having IT or outside cybersecurity firm run risk assessment of network

Another set of scams that has been increasing in frequency relates to the COVID 19 pandemic.  With the recent news of a COVID vaccine, criminals are creating various ways get your money, or try to trick you, which could result in serious injury or death.  Remember, you can’t pay to put your name on a list to get the vaccine.  Also, you can’t pay to get early access to the vaccine.  And nobody legitimate will call about the vaccine and ask for your social security number, bank account, or credit card information.

Remember these tips:

  • ignore any offers that demand money or ask for personal information
  • don’t fall for pressure tactics; i.e. “limited supply”, “act now”
  • before acting, double-check claims with info from credible sources
  • when in doubt, seek advice from your health care provider

Click here to go back to the top of the page.

Holiday Security Tips (12/3/20)

It’s the holiday season, and many people are spending time shopping for gifts, travelling, and giving to charitable organizations.  During this usually joyful time, fraud attempts increase about 30 percent.  To help protect yourself from fraud, consider these tips:

Shopping

  • When shopping for holiday gifts, be wary of unsolicited emails offering “to good to be true” deals
  • Avoid clicking on links and instead visit the product site directly
  • When shopping online, use a credit card (not a debit card) or single-use card numbers
  • If purchasing IoT devices, ignore “online” reviews on merchant sites (many are fake). Look for independent/objective advice, or talk to someone you know and trust. Research products’ privacy / data collection policies. Stick with mainstream manufacturers to ensure ongoing support (firmware upgrades, etc)

Home Security

  • Bring in delivered packages as soon as possible to prevent theft
  • If you’ll be travelling, consider installing timers on lights, and arrange for snow removal and mail hold
  • When travelling, remember to avoid unsecured WiFi and/or use a VPN client; use credit cards instead of cash

Charitable giving

  • Avoid responding to unsolicited texts or emails
  • Know who you’re donating to. Check out charitynavigator.org or give.org to determine which charities are reputable.
  • When in doubt, give directly to a local charity

Social media scams

  • “Secret Sister” Gift Exchange is popular on Facebook. It promises windfall of gifts if you send one $10-15 gift to someone on the list. Gifts never materialize, and it’s against Federal law.

Click here to go back to the top of the page.

Social Engineering Review (11/12/20)

Social engineering is the use of deception to manipulate people into divulging confidential information, or obtaining money.  It is a commonly used tactic by criminals to successfully commit acts of fraud and identity theft, and is used to deceive both individuals and businesses.  Below are two examples of actual recent cases targeted at businesses which occurred in Sheboygan:

Example #1

A local business legitimately orders equipment from vendor through a supplier.  Several months later, the accounting department receives an emailed invoice purported to be from the vendor, requesting payment.  The invoice states that the vendor is having issues processing checks because of a counterfeit check recently paid into their account, and as a result they are only accepting ACH or Wire transfers to their bank account.  The fraudulent invoice contained specific account and routing information, and approximately $70,000 was wired to the suspect account, aka “funnel account”.  Investigation by law enforcement identified that the funds were immediately transferred from the funnel account to a different account, then wire transferred to a bank specializing in cryptocurrency.

Red flags: suspicious reason for deviation from normal payment; review of email that sent invoice was misspelled – “billstrut” vs “billtrust”.

Example #2

A business received a fax purporting to be from a company that they had done business with previously.  Because the “company” hadn’t order for a while, their credit line had been reduced and the business required a new credit application.  The scammer submitted a new application with the names of three representatives from their “company”, along with corresponding social security numbers.  Based on that information, a credit check was run and the legitimate business approved the new line of credit.  They conducted business with the “company”, and over several months the “company” ordered almost $40,000 worth of product.  No payments were ever made, and when the business contacted the actual company, they advised there was no record of any employees by the names provided.  Also, the address that the business was shipping product to was a storage unit, not the legitimate company.

Red flags: sudden new contact from old customer; failed to verify information

Click here to go back to the top of the page.

Protecting Your Security When Using IoT Devices (10/22/20)

Many of us remember watching “The Jetsons” with fascination, dreaming about the technology of the future.  Well, much of that technology is here today and is often referred to as the Internet of Things.  Simply put, the Internet of Things (IoT) is a class of devices with built-in network connectivity.  These devices are present in manufacturing, health care, government, and in our homes.  Some common devices you’re probably familiar with include: televisions, cameras, thermostats, light bulbs, and refrigerators.  As technology advances, things like cars, utility meters, and even medical equipment have even been included in the IoT universe.

The number one concern with using these devices is security.  Since the idea of networking all these devices is fairly new, security has not always been a top priority during their design phase.  And unfortunately, many vendors often prioritize ease of use and functionality over security.  Many devices like cameras (think baby monitors and security cameras) often come with well-known, default passwords that many end-users do not change.  Other devices come with no password.

In addition, many end-users forget or simply don’t take the time to update the firmware on the device.  Since most IoT devices connect to apps on your smartphone or tablet, make sure you have reputable internet security software installed on these devices.  Set-up two-factor authentication, and know what data these apps are collecting, and how they use and store that data.

What can you do to be more secure?

  • Set up a secure Wi-Fi router – your router is like the front door to your home network and needs to be secure. Use a strong encryption method (WPA2), set up a guest network, and change default usernames and passwords.
  • Review the default privacy and security settings of your devices.
  • Research products carefully before buying – know what steps the manufacturer has taken to protect your privacy.
  • Update firmware.
  • Consider upgrading older devices.

Click here to go back to the top of the page.

PCH Scam / National Cybersecurity Awareness Month (10/08/20)

Recently, our area has seen an increase in reports of a “you’ve won money” scam.  You get a call from someone claiming to be from Publisher’s Clearing House, notifying you that you’ve won the sweepstakes.  They ask for your social security number and bank account information to verify your identification and send you your winnings.  The caller may also direct you to purchase pre-paid cards or gift cards and provide them with the numbers to pay the “fees” or “taxes” associated with your winnings.  Unfortunately, there are no winnings and this type of scenario is ALWAYS a scam.  If you do provide personal information like your social security number or bank info, make sure you immediately follow the following steps:

  • Freeze your credit, if not already frozen, with each credit bureau – click HERE for instructions
  • File a report at identitytheft.gov
  • Periodically monitor your credit reports at annualcreditreport.com
  • Consider setting up a My Social Security account at ssa.gov

October is National Cybersecurity Awareness Month (NCSAM), sponsored by the Department of Homeland Security.  The theme for 2020 is:

“Do Your Part. #BeCyberSmart.”

The purpose of this campaign is to bring awareness to the importance of being safe and secure while online.  Here are a few tips:

Pick Proper Passwords

  • make them hard to guess
  • go as long and complex as you can
  • consider using a password manager
  • one account, one password

Stop-Think-Connect

  • be thoughtful about what sites you visit and what info you share
  • regularly update software, firmware, and operating systems
  • shut down old accounts
  • check your app “permissions”

If in doubt, don’t give it out

  • protect your personal information
  • don’t reply to unsolicited offers
  • avoid online surveys that may reveal clues about your passwords

Each week, the campaign will focus on a different area of cybersecurity:

  • Week of October 5 (Week 1): If You Connect It, Protect It
  • Week of October 12 (Week 2): Securing Devices at Home and Work
  • Week of October 19 (Week 3): Securing Internet-Connected Devices in Healthcare
  • Week of October 26 (Week 4): The Future of Connected Devices

For more information, click HERE to visit the campaign’s website.

Click here to go back to the top of the page.

Crime Prevention Tips (09/24/20)

Today, we switch gears from talking about fraud and scams as Detective Kehoe offers some general crime prevention tips:

  1. Ensure that all doors and windows are locked to homes, garages, and vehicles – many preventable thefts and burglaries occur because a door or window is left unsecured
  2. Keep valuables in a safe and secure location – often police take reports of firearms and other valuables that are left in plain view
  3. During hours of darkness, keep your property well lit – low cost LED lighting makes this an affordable and efficient way to keep your home and property safe (consider adding motion sensors as well)
  4. Install exterior and/or interior cameras – the advancement of technology has created affordable solutions to keep an eye on your property while away
  5. Get involved with your neighbors – neighborhood associations and watch programs are a great opportunity to meet your neighbors and learn more about what’s going on around your home; residents working together is a great tool when it comes to crime prevention
  6. Be mindful of what you post on social media – posting photos of newly purchased, valuable items can be risky, especially if you have a public account; be cautious of who can see what you post
  7. Report suspicious activity or victimization to the police – for a variety of reasons, people often chose not to contact the police for property crimes; our department’s patrol methodology is based, in part, upon data and crime trends, making timely reporting an important element of crime prevention
  8. If you are the victim of a property crime, take steps to prevent re-victimization; studies suggest that people are 67% more likely to have a thief return with a two week period after being the victim of a crime

For additional crime prevention strategies, click HERE.

Click here to go back to the top of the page.

Review of Phishing Scams and Revisiting Credit Freezes (09/10/20)

Pre-text, or “phishing”, emails and text messages continue to be the primary form of scam activity in the Sheboygan area.  These emails purport to be from well-known organizations like UPS, PayPal, Amazon, or the IRS, and contain logos and links that may seem legitimate.  To avoid putting your personal information in jeopardy, never click on links in these messages, or divulge any personal information.  When in doubt, go directly to organization’s known website to verify the email is legitimate, or call a confirmed phone number to speak with a customer service representative.

A credit freeze, fraud alert, and credit lock are ways to protect your credit reports from being used by scammers to open new accounts.  Click HERE to learn the difference between a credit freeze and a fraud alert.  The best defense against your information being used maliciously is to implement a credit freeze.  Credit freezes offer a higher level of security than fraud alerts, but require a little more work to implement and “thaw”.  Both are free and do not affect your current credit or your credit score.  Credit locks are not always free and are not governed by federal law.

Prior to setting up a credit freeze or fraud alert, consider signing-up for a free credit monitoring service such as Credit Karma.  These services allow you to monitor your credit and be alerted to new accounts in your credit report.  You can also check your credit weekly for free at annualcreditreport.com.

Click here to go back to the top of the page.

What’s Up with TikTok / Preventing Fraud During the 2020 Census (08/27/20)

Recently, the social media platform TikTok has been in the news regarding security concerns with using the app.  TikTok is a social network for sharing user-generated music videos, and is owned by ByteDance, a Chinese company.  Some fear that ByteDance may be compelled by the Chinese government to provide its user data to the Chinese government.  This user data includes sign-up information like the user’s phone number/email and a birth date (which the app does not verify), and user content, such as videos, messages, and location data.  The risks of using the app are comparable to other social media platforms, and because of the potential to encounter explicit or inappropriate content, the app is not recommended for children under 13 years of age.

To protect yourself or your teens while using the app, consider the following:

  • while there are valid concerns about how the Chinese government may use your data, TikTok collects fewer data points than apps like Facebook
  • for younger teens, parents should consider enabling parental controls and monitoring the content their children upload; click HERE for more information
  • set your account to “private” to limit people that can see your content
  • use a different, more secure platform for private messaging

The U.S. Census Bureau is currently visiting homes to collect responses for the 2020 Census.  Census takers are hired from the area they survey and work from 9am-9pm, including weekends.  They will ask general questions like the number of people in your home; age, race, ethnicity; and verify address and phone number.

What do you need to know to avoid scammers?

  • check to make sure the surveyor has a valid ID badge, with their photograph, a U.S. Department of Commerce watermark, and an expiration date
  • the U.S. Census Bureau will never ask for your social security number or bank account / credit card numbers
  • they will also never send unsolicited emails
  • if in doubt, call the U.S. Census Bureau at 844-330-2020
  • you can also search a staff directly at census.gov; click “About Us”, then “Staff Directory”

Click here to go back to the top of the page.

Review of Imposter Scams / COVID-19 Schemes (08/06/20)

An imposter scam is when a scammer pretends to be someone you trust and tries to convince you to send them money, or divulge personally identifiable information.

Two of the most recent versions of this scam have been facilitated using Facebook Messenger and the Facebook.com social media platform.  One form of this scam involves the scammer impersonating a celebrity or charitable cause.  Using social engineering, the scammer develops a relationship with the victim and gains their trust.  The scammer relies on the victim’s emotional response and desire to help in order to exploit the victim for money.  The other variation involves “extorting” the victim for money.  Using a false identity, the scammer initiates a romantic relationship with the victim, ultimately convincing the victim to send compromising photos or videos of themselves.  The scammer then threatens to send the images to family and friends unless a ransom is paid.  Occasionally, the scammer will employ some kind of fictional noble cause to justify the ransom, e.g. a sick or dying child.  Due to the sensitive nature of these scams, they frequently go unreported.

To avoid falling victim to these scams:

  • never trust the identity of someone you’ve only met through social media; confirm someone’s profile in person if possible
  • never send money to someone you met on social media
  • don’t send explicit images or videos, even to people you know; once these images are sent, you lose control of them forever

Scammers also continue to exploit the COVID-19 pandemic to defraud victims – an estimated $35 million has been lost by victims of this type of fraud since May 18th. These crimes are usually perpetrated by using robocalls and various messaging services.

Some of the schemes used by criminals include posing as “contact tracers” to obtain your personal information; selling counterfeit test kits, masks, and other PPE; peddling products that claim to be vaccinations or curse for coronavirus; targeting college students with promises of student loan forgiveness; and causing voter disruption by creating confusion about election dates and polling sites.

Here’s what you can do to protect yourself:

  • do not respond to unsolicited messages
  • do not answer calls from numbers you don’t recognize
  • authenticate product/service offers through verified websites

Click here to go back to the top of the page.

Social Engineering (06/25/20)

Social engineering is the art of manipulating people so they give up confidential information.  Of successful data breaches, 70-90% involve phishing or social engineering, 20-30% involve unpatched software, and only 1-10% account for everything else.

Human behavior is the weakest link in the cybersecurity chain.  Scammers rely on your strong emotional response to fear or uncertainty.  Their goal is to create chaos, whether real or perceived.  Scammers also try to exploit people’s tendency to want to be helpful.

Cybercriminals routinely profile us.  They research company websites and social media accounts.  Scammers know that people age 35 and over primarily use email as their means of communication, so most attacks occur via email.  For those 35 and under, scammers exploit social media messaging platforms, which are more popular with that demographic.  A scammer’s goal is to get you to click a link, claiming you won a gift card, or posing as friend, school, or employer.  Scammers are also keen on exploiting a person’s desire to accumulate “likes” and “followers”, a concept known as “gamification” and “FOMO” (fear of missing out).

Phishing and social engineering attacks have become more sophisticated, targeting officers of a company, or people with an emotional connection.  For example: an employee might receive an email purported to be from their boss regarding a “secret” law enforcement investigation.  The boss says people might go to jail and you must keep this confidential.  He says the company’s legal team will be calling w/ questions and you should cooperate fully.  The scammer’s goal is to make you feel a sense of urgency and willingness to help, therefor tricking you into divulging confidential information.  For those in corporate world, education and regular training, not just awareness, is crucial because of the enormous exposure risk (information, access to funds).

To prevent yourself from falling victim to social engineering scams, look for these clues:

  • you are being rushed
  • asked to bypass normal procedures
  • confusing jargon
  • overly curious or prying behavior
  • too good to be true

Click here to go back to the top of the page.

Unemployment Insurance Fraud / “Car Wrap” Scam (06/11/20)

The United States Secret Service has received reporting of a well-organized Nigerian fraud ring exploiting the COVID-19 crisis to commit large-scale fraud against state unemployment insurance programs.  The primary state targeted so far is Washington, but there have also been reported cases in Massachusetts, North Carolina, Rhode Island, Oklahoma, Wyoming, and Florida.  Individuals residing out-of-state are receiving multiple ACH deposits from certain state unemployment benefit programs, all in different individuals’ names with no connection to the account holder.  Scammers convince victims to allow out-of-state unemployment insurance deposit into their account under false pretenses, then victims forward money to another person via MoneyGram, cashier’s check, or Bitcoin.  The original deposited money is fraudulent and victim is on the hook for re-payment to the bank.  This crime frequently develops out of the “romance scam”, where scammer already has access to victims’ bank account.  This fraud network is believed to consist of hundreds, if not thousands, of victims with potential losses in the hundreds of millions of dollars.  The banks targeted have been at all levels including local banks, credit unions, and large national banks.

Another scam seen recently in our area is referred to as the “car wrap scam”.  The FTC has a briefing about this scam here.  In summary, the victim typically receives a check to “wrap” their car with ad for product or business.  The check is much more than originally offered as payment, explaining the victim should deposit the check, keep part of it as their share, and wire the rest to another company that will wrap the car.  Weeks after the money is wired, the check bounces and the victim is on the hook for paying back the bank…needless to say, no one’s wrapping your car.

Click here to go back to the top of the page.

Combatting Fraud During the Summer Travel Season (05/28/20)

With the summer travel season upon us, vacationers face increased risks of fraud and identity theft.  Here are a few tips to help keep you and your money secure:

  • when booking travel, stick to name brand travel sites like Priceline, Expedia, and AirBnB; or book directly with the airline, hotel, or car rental; avoid unsolicited email deals
  • consider a mail hold – visit usps.com/manage/hold-mail.htm for details
  • use a credit card, not cash or debit card, for added fraud/theft protection; make sure your bank or credit card company has your current email/phone to notify you in case of fraud
  • lock your smart phone or tablet (with biometrics or six digit code), turn off automatic connection to Wi-Fi, use only cellular data or private, password-protected Wi-Fi, and avoid unsecured public Wi-Fi; consider using a VPN client
  • watch out for data skimmers at public charging stations; bring your own portable charger

Click here to go back to the top of the page.

Tips for Using Credit Cards Safely (05/14/20)

Despite advancements in security, credit card fraud is still a common form of identity theft.  There are several strategies you can employ to mitigate the risk of using credit cards and prevent you from falling victim to this type of fraud:

  • ensure that your card has the EMV chip; while not invincible from all fraud, the EMV chip is superior to the older magnetic strip
  • consider “contactless” payments; this method, accessible using most cell phones and some credit cards, employs NFC technology and is one of the most secure payment options available
  • when shopping online, only use your credit card on websites you trust; ensure secure sites by checking the URL for “https://” and for a lock icon in the address bar
  • avoid using a debit card online – credit cards offer more protection against fraudulent charges than debit cards; most credit cards impose a maximum liability of $50, or zero liability if reported immediately; however, with debit card fraud, you could face unlimited liability
  • watch out for skimmers at gas pumps; consider paying inside
  • sign-up for paperless billing; this decreases the chance of your account number being compromised
  • if you do want to receive paper statements, sign-up for Informed Delivery with the Post Office; click here to sign up

Click here to go back to the top of the page.

COVID-19 Scams (04/30/20)

There are a variety of scams being perpetrated by criminals exploiting the COVID-19 pandemic.  Some examples include:

  • scammers posing as Amazon, UPS, etc., asking you to “confirm you order status”
  • scammers posing as the IRS, Dept. of Labor, etc., offering stimulus money or other payments
  • scammers impersonating charities seeking donations
  • counterfeit goods (masks, gloves, sanitizer)
  • “work at home” scams
  • COVID-19 tracking websites containing malware and spyware

To reduce your risk, consider these suggestions:

  • do not click on links from sources you don’t know
  • watch for imposter emails claiming to be from the World Health Organization or CDC; also be alert for calls from cybercriminals pretending to be government organizations, family members in distress, or banks/credit card companies
  • ignore online offers for vaccinations or home test kits
  • do your homework before making donations; do not pay using gift cards or money transfers
  • only purchase items from reputable retailers
  • carefully scrutinize “investment opportunities”

Helpful websites:

Click here to go back to the top of the page.

Three Things to Do Right Now (04/09/20)

Criminals exploit fear and uncertainty to victimize targets of fraud and identity theft.  While no one strategy can protect you from fraud, there are three things you can do immediately to limit your risk:

  1. Freeze your credit – this will prevent scammers from opening fraudulent accounts using your information. For the difference between a fraud alert and a freeze, click here; for steps how to freeze your credit, click here.
  2. Review a free copy of each of your three credit reports (TransUnion, Experian, and Equifax) at annualcreditreport.com. Check for errors and fraudulent activity at least once a year.
  3. Do not respond to unsolicited requests for personal information – these may be in the form of emails, text messages, or phone calls. Watch for “phishing” attempts from criminals posing as government agencies or well-known companies.  Also, refrain from completing surveys on Facebook and similar sites that attempt to illicit clues to your passwords and security question answers.

Click here to go back to the top of the page.

footer_safeharbor
footer_neighborhood
footer_crime
footer_husting
footer_pride
footer_calendar