Bitcoin Theft

The FBI is warning of a rise in Bitcoin ransom scams in which scammers use scare tactics and extortion to squeeze money out of victims in the form of Bitcoin payments.

“Fraudsters are leveraging increased fear and uncertainty during the COVID-19 pandemic to steal your money and launder it through the complex cryptocurrency ecosystem,” the FBI warns.

a gold coin etched with the Bitcoin "Capital B with vertical strokes" and circuit traces in the background

Unfortunately, the cryptocurrency payment leaves no room for reclaiming the lost funds. Here’s all you need to know about these scams and how to best protect yourself.

How the scams play out
In some Bitcoin ransom scams, scammers hijack an email address associated with a business website and contact a client of the business. The email informs the victim that a hacker has found a vulnerability in the company’s website and is holding the victim’s data hostage until a Bitcoin payment is made for its release. The victim, fearing monetary loss, may comply with the scammer and make the payment. In reality, though, the scammer has only hacked into the company’s email database. They have no access to the customer’s sensitive information.
While the scammer can hijack any website that has access to clients’ sensitive information, financial institutions like Advantage One Credit Union, are especially vulnerable to this scam. We utilize strict protective measures, like encryption and updated security software to protect our members’ information, but fraudsters may still try to scam members by persuading them that their data is at risk of being exposed.

In another variation of the Bitcoin ransom scam, scammers use “sextortion” to take the victims for money. They’ll claim to have evidence of the victim engaging in questionable internet usage and threaten to share this information with the victim’s contacts unless a ransom payment is made immediately. Some criminals have taken this scam a step further during the COVID-19 pandemic. In addition to the threat of releasing the information they supposedly have on the victim, they’ll also promise to infect the victim and their family with the coronavirus unless a payment is sent to a Bitcoin wallet.

Protect yourself
Fortunately, ransom scams are easy to spot. If you receive an email allegedly sent from a business you use, and it contains a message similar to what’s described above, do not respond. You can contact the company yourself to ask if there has been a data breach. You will likely learn there has not been any sort of breach within the company.

Similarly, if you receive an email threatening to expose your internet usage history and/or to infect you or your family with the coronavirus, do not respond. Mark the email as spam and delete it promptly.

If you’ve been scammed
Unfortunately, cryptocurrency transactions pose an extra risk by being absolutely final. There’s no way to cancel a cryptocurrency payment, back out of a purchase or trace the Bitcoin wallet to its owner.

However, if you believe you’ve been targeted by a Bitcoin ransom scam, you can help prevent others from falling victim by reaching out to the appropriate authorities.

If the scammer posed as representatives of Advantage One Credit Union, be sure to let us know! We’ll send out a warning to all of our members and caution them not to respond to any emails claiming to have hacked our database or to have accessed our members’ sensitive information. If the scammer is posing as a representative of a different company, it’s a good idea to let them know about it, too.

It’s equally important to alert law enforcement agencies about every scam attempt. The FBI’s Criminal Investigative Division has a team that’s dedicated to preventing and fighting cryptocurrency laundering and fraud. If you are the victim of a cryptocurrency scam or you’ve been targeted by one, be sure to contact your local FBI field office or visit the bureau’s Internet Crime Complaint Center . You can also alert the Federal Trade Commission at FTC.gov.

Many people are struggling with financial hardships due to the economic fallout of COVID-19. Unfortunately, scammers are trying to make a difficult time even harder by extorting victims for money. Stay alert and stay safe!

Your Turn:
Have you been targeted by a Bitcoin ransom scam? Tell us about it in the comments.

Learn More:
consumer.ftc.gov
bitcoin.com
fbi.gov

 

Beware of Zoom-bombers

Young man on laptop interrupting a video conferenceWith social distancing mandates in order until at least the end of April, and three out of every four Americans under statewide lock-down, huge parts of normal life have now moved into the virtual world.

Social visits, executive meetings, classes and more happen over videoconferencing apps, with Zoom being the most popular. The app was downloaded 62 million times during the third week of March, and 60 percent of Fortune 500 companies are now using Zoom.

Zoom’s simplicity is likely the driving factor behind its popularity — and its vulnerability. The FBI is warning of a new kind of scam in which criminals join Zoom meetings with malicious intent.

As they explain it, without protective measures, like passwords and screen-share locks, anyone can join and disrupt a Zoom conference. “Zoom-bombing” is happening more and more often, with hackers hurling racial slurs or displaying graphic content in the middle of classrooms and business meetings.

Some criminals take it one step further by creating bogus domains that impersonate Zoom. When video conferences are set up on these domains, the hackers will use the opportunity to steal personal information from meeting participants, which they then go on to sell or use for criminal purposes.

The bureau recommends that Zoom users take the following precautions to protect their conferences from being Zoom-bombed:

  • Make meetings private by requiring a password or using the waiting room feature, which controls admittance of guests.
  • Share teleconference links directly with participants instead of posting them in a public forum, like a social media page.
  • Control screen-sharing by choosing “Host Only” in the screen-sharing options.
  • Make sure all participants are using updated software

Videoconferencing apps like Zoom are helping millions of Americans maintain a semblance of normalcy during the COVID-19 pandemic. Follow the FBI’s guidelines for secure videoconferencing to avoid getting Zoom-bombed. Stay safe!

COVID-19 Texting Scam

Cartoon of a touchscreen phone with COVID-19 graphicThe coronavirus pandemic has been raging on American shores for several months, but scammers are still finding new ways to exploit the panic, fear and uncertainty surrounding the virus to con people out of their money. The latest in a string of coronavirus scams involves a simple text message with criminal intent.

Here’s all you need to know about the coronavirus text scam.

The scam starts out with the victim receiving an alarming text message informing them that someone they’ve recently been in contact with is infected with COVID-19. They are then told to self-quarantine and to get tested for the virus.

Here is the actual text from one of these scams:
“Someone who came in contact with you tested positive or has shown symptoms for COVID-19 & recommends you self-isolate/get tested.”

The text also includes a link for the recipient to click for more information. Many unsuspecting people who read these messages innocently click on the link and play right into the scammers’ hands. The link provides the scammer with access to the victim’s device. The scammer can then scrape the victim’s personal information off the phone and use it to empty the victim’s accounts, open lines of credit in their name or even steal their identity.

If you receive a text message like the one described above, do not respond or click on any embedded links. Report the text to local law enforcement agencies, place the number associated with the message on your phone’s “block number” list and delete the message. You can also warn your friends about the circulating scam to keep them from falling victim.

Stay vigilant and stay safe!

Your Turn:
Have you been targeted by a coronavirus texting scam? Tell us about it in the comments.

Learn More:
fox29.com
katu.com
consumer.ftc.gov

Don’t Let Scammers Get Your Stimulus Check!

coronavirus cares act flyer with 20 billsMillions of Americans have received or are awaiting a gift from Uncle Sam to help them get through the coronavirus pandemic. As part of the Coronavirus Aid, Relief and Economic Security (CARES) Act passed on March 27, the federal government is sending out $290 billion in stimulus checks over the next half a year.

The first round of checks made its way to millions of checking accounts across the country during the second week of April and the next round is expected to be sent within a few weeks. The remainder will be mailed out over the following 20 weeks.

Unfortunately, scammers are doing all they can to get their hands on these checks before they reach the rightful recipients. The best way to keep your money safe from scammers is to arm yourself with information about the checks and to learn how to spot the scams.
To help you keep every dollar that’s coming to you and avoid falling victim to these scams, Advantage One Credit Union has compiled this comprehensive guide on the stimulus check process and the connected scams.

Important information about the stimulus checks
Many Americans aren’t aware of this crucial fact: You do not need to take any action to receive your stimulus check. There is no form to fill out, no number to call, and no information to share. Every eligible citizen should receive the check without having to take any action.

The feds are using the most recent tax filing information they have from each eligible citizen to send out the checks. They will use information from 2019 tax returns to determine the check amount and get recipients their money. Those who haven’t yet filed taxes this year (the tax deadline has been extended to July 15), will have the information from their 2018 taxes used. Social Security recipients, and anyone else not required to file taxes, do not need to take action either; the government already has their information on file.

There is no need to share information, such as a Social Security number, checking account number or home address, with anyone. There is no need to “sign up” for your check either. All you need to do is wait for your check to land in your mailbox or in your account. Remember the simple rule: There is no need to take any action to receive your check.

When you may need to take action
The only exception to the above rule applies to those who have not yet filed taxes for 2018. These citizens may need to submit a simple tax return to receive their check.
Also, the government has shared that it can only deposit the money directly into checking accounts if it has this information on file for the recipient. This criterion includes nearly all citizens who’ve received a tax refund for the taxes they filed in 2018 or 2019. Individuals receiving their checks via direct deposit will likely have their money sooner. Consequently, many people want to share this information with the IRS before the checks are sent out. It can be done via this link, which can also be used to look up the status of your check. Unfortunately, though, many people have reported that the IRS site has not been working properly recently, which is likely due to heavy traffic.

How the scams play out
The scammers trying to nab stimulus checks count on victims thinking they need to take action to get their checks. They use a variety of means, including phone calls, emails, text messages and social media posts, to ask victims to share information that will allegedly enable them to receive their checks. They may ask for the victim’s Social Security number, date of birth, PayPal account information, checking account details, home address or other personal information, claiming it is a necessary “sign up” step in the stimulus check distribution.

Alternatively, they may claim they can help you receive your check earlier through their website if you share certain information with them. They’ll often use sophisticated spoofing methods to make it appear as if they are legitimate government representatives. Once they have this information, though, they will reach out to the IRS to change your information so your check goes directly into their own accounts. Or, they may hack your account to withdraw the stimulus money as soon as it arrives.

If you receive any phone calls or messages asking for your personal information so you can receive your check, you are looking at a scam. Do not respond. Report the scam to the FTC at ftc.gov. The federal government has made it clear it will not be reaching out to citizens and asking for information before sending out checks. It has also shared that there is no way for anyone to gain early access to the stimulus check money.

Stay safe!

Your Turn:
Have you been targeted by a stimulus check scam? Tell us about it in the comments.

Learn More:
consumer.ftc.gov
usatoday.com
irs.gov

Your Smart TV May be Spying on You

Person sitting on couch in front of smart TV while on thier cellphoneIf one of your Christmas presents was a smart TV, or you splurged on one for yourself on Black Friday, you might be living with an in-house spy. The FBI is warning that smart TVs, which allow customers to stream their favorite shows through apps like Netflix and Hulu, can easily be hacked and used for spying. You can be sitting and binge-watching your favorite sitcom, or hollering at the screen as your team fumbles toward another devastating defeat, and all the while a stranger’s eyes are on you and the happenings in your house.

Before you start to panic or rush to toss that brand-new TV into the trash, we have shared all you need to know about this frightening new hack.

How is this hack carried out?
Lots of smart TV models are fitted with webcams and microphones. This allows the TVs to offer all kinds of super-cool features, from facial recognition that can be used to recommend favorite shows and settings to 41-inch screen video-chatting with faraway friends and families. The FBI is warning, though, that hackers are using these add-ons for nefarious reasons.

In the best-case scenario, the TV manufacturer and app developers can hack the TV’s webcam and use it to remotely change your channels, play with your settings or even stream inappropriate videos. Obviously, this can be unsettling and even frightening, but there’s no lasting damage.

In the worst-case scenario, though, cyber-criminals can hack their way into accessing these cameras and microphones, turn them on at will, and then spy on unknowing victims. By gaining access to the cameras, hackers can turn them on whenever they please, even if your TV is off at the time. Creepiness aside, this stalking can grant a hacker access to your computer’s router and lead to all sorts of unhappy endings, including identity theft, kidnapping and more.

“Beyond the risk that your TV manufacturer and app developers may be listening [to] and watching you, that television can also be a gateway for hackers to come into your home,” the FBI announced in a report. “A bad cyber actor may not be able to access your locked-down computer directly, but it is possible that your unsecured TV can give him or her an easy way in the backdoor through your router.”

Is there anything I can do about this hack?
The FBI advises consumers to research the model of their smart TV and to familiarize themselves with the control features and camera settings.

“Do a basic Internet search with your model number and the words ‘microphone,’ ‘camera,’ and ‘privacy,’ ” said the FBI.

If possible, consumers should change the device’s default security settings and passwords. This will enable them to turn off the camera and microphone unless they are actually using them, and will serve as a deterrent for cyber-criminals seeking to control the TV from a remote location.

If you’re still spooked by the FBI’s warnings and you want to take stronger measures to protect yourself against spying, you can simply secure a piece of black tape over the camera to keep out any prying eyes.

Another important step to take for keeping hackers out of your smart TV is to always install software updates offered by the manufacturer. Keeping your device updated will afford you the strongest current protection against vulnerabilities and weaknesses.

“Generally, customers who keep their devices up to date won’t have too much to worry about,” says Matt Tait, cybersecurity expert and former analyst at GCHQ, the British signals intelligence service. “But for people who are particularly worried, or who don’t want the new ‘smart’ features, there is a simple solution to keep hackers out: unplug the device from your network.”

Our world is now smarter than ever, but along with the conveniences of an interconnected, digitized world come a whole slew of risks and vulnerabilities. Keep yourself safe by employing basic protective measures, keeping your devices updated and staying informed about the latest scams and hacks.

Your Turn:
Do you own a smart TV? What measures have you taken to protect yourself from this scare? Tell us about it in the comments.

Learn More:
cnn.com
foxnews.com
thehill.com

Beware the 2020 Census Scam!

2020 census sheet being filled outEvery 10 years, the Census Bureau makes an effort to count every person living in the U.S. Though the process won’t start until mid-March 2020, the Federal Trade Commission (FTC) is already warning of scammers exploiting the process to con you out of your sensitive information. That’s why it’s important to familiarize yourself with the census procedure; so you know what to expect and so you can easily spot a scam.

We have answered all your questions about the 2020 census.

What’s the purpose of the census?
The U.S. Census is conducted every 10 years to provide the federal government with an accurate count of every living person in the country. This number will affect the amount of federal funding each area receives. This, in turn, pays for Medicaid, affordable housing, mass transit, schools, parks and more. It also affects the degree of congressional representation each area receives.

How will the 2020 census invite people to respond?
To obtain accurate information, the US Census Bureau will reach out to every household, giving residents the option to respond online, via mail or by phone.
Here’s how those invitations will be distributed throughout the country:

  • 95 percent of households will receive their census invitation in the mail.
  • Close to 5 percent of households will receive their census invitation through personal delivery by a census taker.
  • Less than 1 percent of households will be personally counted by a census taker instead of being invited to respond on their own.
  • There are special procedures in place to account for individuals who do not live in households, such as university students and the homeless.

Households that do not respond to the invitation delivered via mail will receive reminder letters, postcards, and questionnaires until they do respond. If they still have not participated in the census by May 2020, the household will be visited by a census taker, who will count them in person. If no one answers the door when they come by, the census taker will leave a door hanger with a phone number for the household residents to call for scheduling another visit. The census taker will continue trying to reach the household personally, or by phone, up to six times.

What kind of questions will I find on the census form?
True to purpose, the census questionnaire will primarily focus on the number of people living in the household at the time the form is completed. You will also need to note each household member’s sex, age, race, ethnicity, relationships to the other residents, phone number and whether you own or rent the home. There will not be a citizenship question on the 2020 census.

How can I determine if a census taker is really a scammer?
One of the most widely anticipated census scams involves a fraudster posing as a census taker, obtaining sensitive information from unsuspecting residents and then using that information to commit identity theft.

You can easily verify a census taker’s legitimacy by asking to see their required photo ID.
Authentic ID will include a U.S. Department of Commerce seal and an expiration date. If you’re still feeling doubtful, ask for their supervisor’s contact information. You can also call the census regional office phone number to verify your census taker’s authenticity.
The most suspicious behavior a census scammer will exhibit is asking intrusive and inappropriate questions. Be wary of answering anything that sounds suspicious and read through the checklist below to learn how to spot a scammer.

A census taker will never ask you:

  • If you are a U.S. citizen
  • For your full Social Security number
  • For credit card numbers or checking account information
  • For a donation
  • To pledge your support for a political party
  • For personal information, such as your mother’s maiden name or the name of the elementary school you attended

A scammer might sometimes try to reach you by phone. By using caller ID-spoofing technology, it may appear as if they are actually calling from the Census Bureau. Remember, though, that a census taker will not reach out to you by phone unless you have failed to respond to several mailed invitations and reminders, and you have not answered the door when a census taker visited you personally. Be wary of any suspicious questions being asked over the phone. If you have reason to believe you are speaking with a scammer, hang up immediately.

If you suspect fraud, call 800-923-8282 to report the incident to a local Census Bureau representative. You also can file a report with the FTC . Your reports will help law enforcement agencies stop the scammers from committing additional crimes.

Your Turn:
Have you ever been targeted by a census scam? Tell us about it in the comments

Learn More:
abc7chicago.com
abclocal.go.com
consumer.ftc.gov

Beware of Coronavirus Scams

Man staring menacingly at camera while wearing a medical maskScammers are notorious for capitalizing on fear, and the coronavirus outbreak is no exception. Showing an appalling lack of the most basic morals, scammers have set up fake websites, bogus funding collections and more in an effort to trick the fearful and unsuspecting out of their money.

The World Health Organization (WHO) has published on its website a warning against email scams connected to the coronavirus. The agency claims it has received reports from around the world about phishing attempts mentioning coronavirus on an almost daily basis.

Closer to home, the Federal Trade Commission (FTC) is warning against a surge in coronavirus scams, which are being executed with surprising sophistication, so they may be difficult for even the keenest of eyes to spot.

The best weapons against these scams are awareness and education. When people know about circulating scams and how to identify them, they’re already several steps ahead of the scammers. Here’s all you need to know about coronavirus-related scams.

How the scams play out
There are several scams exploiting the fear and uncertainty surrounding the virus. Here are some of the most prevalent:

The fake funding scam
In this scam, victims receive bogus emails, text messages or social media posts asking them to donate money to a research team that is supposedly on the verge of developing a drug to treat COVID-19. Others claim they are nearing a vaccine for immunizing the population against the virus. There have also been ads circulating on the internet with similar requests. Unfortunately, nearly all of these are fakes, and any money donated to these “funds” will help line the scammers’ pockets.

The bogus health agency
There is so much conflicting information on the coronavirus that it’s really a no-brainer that scammers are exploiting the confusion. Scammers are sending out alerts appearing to be from the Centers for Disease Control and Prevention (CDC) or the WHO; however, they’re actually created by the scammers. These emails sport the logo of the agencies that allegedly sent them, and the URL is similar to those of the agencies as well. Some scammers will even invent their own “health agency,” such as “The Health Department,” taking care to evoke authenticity with bogus contact information and logos.

Victims who don’t know better will believe these missives are sent by legitimate agencies. While some of these emails and posts may actually provide useful information, they often also spread misinformation to promote fear-mongering, such as nonexistent local diagnoses of the virus. Even worse, they infect the victims’ computers with malware which is then used to scrape personal information off the infected devices.

The phony purchase order
Scammers are hacking the computer systems at medical treatment centers and obtaining information about outstanding orders for face masks and other supplies. The scammers then send the buyer a phony purchase order listing the requested supplies and asking for payment. The employee at the treatment center wires payment directly into the scammer’s account. Unfortunately, they’ll have to pay the bill again when contacted by the legitimate supplier.

Preventing scams
Basic preventative measures can keep scammers from making you their next target.

As always, it’s important to keep the anti-malware and antivirus software on your computer up to date, and to strengthen the security settings on all of your devices.
Practice responsible browsing when online. Never download an attachment from an unknown source or click on links embedded in an email or social media post from an unknown individual. Don’t share sensitive information online, either. If you’re unsure about a website’s authenticity, check the URL and look for the lock icon and the “s” after the “http” indicating the site is secure.

Finally, it’s a good idea to stay updated on the latest news about the coronavirus to avoid falling prey to misinformation. Check the actual CDC and WHO websites for the latest updates. You can donate funds toward research on these sites as well.

Spotting the scams
Scammers give themselves away when they ask for payment via specific means, including a wire transfer or prepaid gift card. Scams are also easily spotted by claims of urgency, such as “Act now!” Another giveaway is poor writing skills, including grammatical errors, awkward syntax and misspelled words. In the coronavirus scams, “Breaking information” alerts appearing to be from health agencies are another sign of a scam.

You can keep yourself safe from the coronavirus by practicing good hygiene habits and avoid coronavirus scams by practicing healthy internet usage. Keep yourself in the know about the latest developments.

Your Turn:
Have you been targeted by a coronavirus scam? Tell us about it in the comments.

Learn More:
consumer.ftc.gov
wsj.com
blog.malwarebytes.com

Why You Should Never Abbreviate 2020

Business person handing pen over for viewer to signIt may be a new year and a new decade, but scammers are still looking to con you out of your money. In fact, experts are warning of a new scam that is as simple as changing the date on a personal check, financial document, or another important paper.
Here’s what you can do to protect yourself:

The 2020 scam
The newest scam of the decade involves the dates on important documents. Most of us are accustomed to abbreviating the date by using the last two digits anytime we need to write it. For example, if we were dating a document for March 2, 2019, we might write it out as 3/2/19.

While it was fine to do so in the past, continuing this practice in 2020 can be problematic. With the two sets of digits that make up the new year being identical, abbreviating the date on important documents opens us up to all sorts of scams. It only takes a few seconds for a scammer to change the “20” on a document to “2021” or to “2019.” This can lead to multiple problems for the document signer.

What kind of damage can be caused by this scam?
There are endless ways that date modification can be employed in a scam.
First, let’s take a look at what happens if the date is changed to an earlier year. If a scammer gets their hands on a check that was made out to you and decides to backdate it, the check may no longer be valid. Similarly, if you signed a legal document or a contract this year and a scammer adds “19” to the end of the “20” that you wrote to indicate the year, it now looks like you signed this document in 2019. As a result, your contract may no longer be valid. If this scam is pulled off on paperwork for an outstanding debt, your debt will now appear to be overdue. Thanks to this ruse, you might be charged late fees for a loan that is not yet due, or you may be charged a monthly fee for a time when you did not yet owe any payments.

The other way this scam can be executed is for the date to be changed to a future year. To pull this off, criminals will use the “20” you scrawled for the year, and change it to “2021” or later. If someone signed a document agreeing to start paying you for services you rendered in 2020, they can make it appear as if they don’t owe you any money until next year. Also, if you’ve neglected to pay a debt that is already past the statute of limitations, a scammer can modify the year on the relevant documents to make it appear as if you are still accountable for the debt.

While this scam is as new as the new year, and it’s still too early to know what kind of damage it can cause, financial experts agree that the threat is very real and precautions should be taken.

Avoiding this scam
As scams go, the 2020 scam is fairly easy to prevent. As you work on breaking free of bad habits and making improvements, add this to your list of New Year’s resolutions: Don’t abbreviate the year. Train yourself to write out “2020” in its entirety anytime you need to date a check, financial document or important paperwork of any kind. This simple precaution will keep you from falling victim to a date manipulation scam. It’s also a good idea to write out the full month when dating an important document, especially in January and February, since “1” and “2” can easily be changed to look like you wrote 10, 11, or 12 as the month. The stroke of a pen can push off the date on your document by nine full months or more.

Remember, the habit that was harmless in 2019 could make you vulnerable to fraud in 2020.

Your Turn:
Can you think of any other ways scammers can manipulate a date to their benefit? Tell us about it in the comments.

Learn More:
usatoday.com
mentalfloss.com
clark.com

Take Precautions with Connected Security Cameras

Adult viewing a child on a connected security deviceWhen parents hear, “Mommy!” yelled from their child’s room, it’s usually the result of a minor ouchie, or perhaps a stomach ache.

But, for recent users of a doorbell security camera, hearing, “Mommy!” come from their daughters’ bedroom turned their dreams of peace of mind into a nightmare.

Hackers have recently been gaining access to users’ homes via their systems’ two-way talk features. Two-way talk allows users to see what’s going on in their homes and talk to the occupants from a remote location via smartphone or tablet.

One recent attack involved an 8-year-old girl who was told by a male voice over the Amazon Ring security camera in her bedroom that he was Santa Claus and wanted to be her friend—all after calling her racial slurs and telling her it was OK to mess up her room and break her television.

The frightened girl could be seen and heard calling for her mother in the video provided to the media.

In another instance, a woman was awakened while sleeping in her bedroom by a strange voice coming from her Ring security camera. The voice was yelling for her to wake up and calling her dog.

Google’s Nest Cam security cameras are not immune to hackers, either.

One couple experienced hearing a man’s voice over the camera system. It was talking to their baby and then yelling obscenities at them before asking why the homeowners were looking at him (the crook). They also reported that the hackers had made adjustments to their thermostat.

In yet another Nest Cam incident, hackers warned a family about a supposed North Korean missile strike.

A spokesperson for Ring told The Washington Post in a recent statement that the Santa incident “is in no way related to a breach or compromise of Ring’s security. Customer trust is important to us and we take the security of our devices seriously.”

They added that the hackers “often re-use credentials stolen or leaked from one service on other services.”

Nest’s parent company, Google, told CBS News that Nest’s system was not breached, adding that reported incidents stem from customers “using compromised passwords … exposed through breaches on other websites.”

The Ring spokesperson told the Post, “Consumers should always practice good password hygiene and we encourage Ring customers to change their passwords and enable two-factor authentication.”

To prevent these incidents from occurring, CNET.com urges companies to require two-factor authentication (2FA), not just suggest using it.

“2FA would need a second form of identity, often a one-time code sent to a phone after a username and password are entered, or a physical token that’s plugged in,” according to CNET.

The report adds that hackers are using a technique called credential stuffing, a practice of acquiring lists of stolen usernames and passwords and then trying to use them on different accounts. Software tools have been created to specifically hack Ring cameras.

Ring’s representatives told Vice, “As a precaution, we highly and openly encourage all Ring users to enable two-factor authentication on their Ring account, add Shared Users (instead of sharing login credentials), use strong passwords, and regularly change their passwords.”

Take precautions before hackers take your peace of mind via your home security system.

Your Turn:
How do you protect yourself from home security camera hackers? Tell us in the comments.

Learn More:
wsbtv.com
washingtonpost.com
cbsnews.com
cnet.com
vice.com

How To Dispute An Error On Your Credit Report

Woman on phone with credit bureauQuick-what’s your credit score?
As a financially responsible individual, you should be checking your credit on a regular basis. You can do this by signing up for free credit monitoring on a reputable website like CreditKarma.com, requesting your annual complimentary credit report from AnnualCreditReport.com and reviewing your monthly credit card statements.

If all goes well, your report will hold no surprises and your score will be in excellent shape, or steadily increasing. Sometimes, though, you may find an error in your report. It might be a sharp decline in your score when you know you haven’t changed your spending or bill-paying habits, a large transaction you’re sure you’ve never made or an unfamiliar line of credit. While it can be disconcerting to find a mistake in your credit report, the good news is you can contest errors like these and fix your score.

Mistakes you may find on your credit report
Credit report errors are quite common. In fact, 26% of participants in a study by the Federal Trade Commission found at least one error on their credit reports that brought down their score. A lower score can mean getting hit with higher interest rates on loans, and can prove to be an obstacle when applying for a new line of credit or a large loan.

Most of these errors can be traced back to clerical mistakes, though some are caused by a lack of action on your part, or by criminal activity.

Credit report errors include the following:

  • You’re mistakenly identified as someone with a name similar to yours.
  • A credit account was never included in your report, weakening your perceived credit worthiness.
  • Your loan or credit card payments were applied to the wrong account.
  • A legitimate credit account or debt has been reported and recorded multiple times.
  • Your name is still linked to your ex-partner’s accounts and debts.
  • Identity thieves have used your name and credit file to open accounts and take out loans you knew nothing about – and it’s unlikely they have been making payments on those loans.

To avoid credit report errors, make sure to use your legal name on every line of credit you open, to remove your name from any accounts you are no longer associated with and to have all of your creditors report your open accounts to the major credit bureaus. As mentioned above, it is also crucial that you monitor your score to find mistakes as quickly as possible.

3 steps to disputing an error

If you’ve spotted an error on your credit report, don’t panic. Follow these three steps to dispute the error and fix your credit:

Step 1: File a dispute with each of the major credit bureaus.
You’ll need to inform all three major credit bureaus, Equifax, TransUnion and Experian, about the error. All three bureaus allow you to file disputes online.

In your written dispute, you’ll need to clearly identify each disputed item in your report, explain why you are disputing these items and ask that the errors be deleted or corrected. Include your full contact information, as well as copies of any documents that support your claim. You can also include a copy of your credit report, highlighting the items you are disputing.

To file your dispute online, follow these links for each of the three major credit bureaus: Equifax, TransUnion, Experian.

You can also file your disputes by mail to Equifax and TransUnion; Experian currently accepts online disputes only. If filing by mail, it’s best to send your letter via certified mail with a requested return receipt. It’s also a good idea to keep a copy of your correspondence for your own records.

    • Mail your Equifax dispute to the following address:
      Equifax Information Services LLC
      P.O. Box 740256
      Atlanta, GA 30348
    • Mail your TransUnion dispute to the following address:
      TransUnion LLC
      Consumer Dispute Center
      P.O. Box 2000
      Chester, PA 19016

Step 2: Contact the creditor
After you’ve contacted each bureau, you can also reach out to the creditor that’s linked to the error in your report. This step isn’t necessary, but it may speed up the correction process.

Most creditors will provide a link or an address for disputes. When filing your dispute, follow the guidelines above and include all relevant information and documentation. Be sure to let the creditor know you’ve also contacted the credit bureaus, as they’ll want to include this information and a copy of your dispute if they report their findings to the bureaus. You can also ask to be copied on all correspondences between the creditor and the bureaus.

Step 3: Follow up in 30 days
Expect to be contacted by the bureaus and the creditor within 30 days after filing your disputes. If all goes well, your dispute will be accepted and your credit will be restored. In many states, you are eligible to receive a complimentary credit report following a registered dispute.

If one of the credit bureaus or a creditor refuses to accept your dispute or does not resolve the error in your favor, you can ask the bureau or creditor to include a copy of your dispute in your file and in all future credit reports. This way, a lender or creditor will be made aware of the alleged error when reviewing your credit. You may be charged a small fee for this service, but it is generally worth the price. If you feel the error is too significant to ignore, consider hiring a lawyer to help you contest the report and fix your credit.

Disputing an error on your credit report is fairly simple. Always monitor your score and be vigilant about correcting errors. The payoff can affect your financial wellness for years to come.

Your Turn:
Have you ever filed a dispute for an error found on your credit report? Tell us about it in the comments.

Learn more:
creditkarma.com
myfico.com
consumerfinance.gov