Your Complete Guide To Identity Theft Protection

Young woman in business attire seated at an outdoor cafe stares worriedly at a laptop screen with her head in her hands.Did you know there were 14.4 million victims of identity theft in 2018? According to Javelin Strategy, each case cost the victim an average of $1,050 – and that’s only the cost in dollars. When an individual’s identity is stolen, the thief wreaks major havoc on the victim’s financial health, which can take months, or even years, to recover from.

Fortunately, there are steps you can take to prevent yourself from becoming the next victim. Here is your complete guide to identity theft protection.

1. Monitor your credit
One of the best preventative measures you can take against identity theft is monitoring your credit. You can check your credit score for free on sites like CreditKarma.com and order an annual report once a year from each of the three credit reporting agencies at AnnualCreditreport.com. Also remember that Advantage One offers members a free annual credit checkup as well. However you obtain your score, be sure to check for any sudden hits and look through your reports for suspicious activity. It’s also a good idea to review your monthly credit card bills for any charges you don’t remember making.

2. Use multi-factor authentication
When banking online, or using any other service that utilizes sensitive information, always choose multi-factor authentication. If possible, use your thumbprint as one means of identification. Otherwise, use multiple passwords, PINs or personal questions to make it difficult for a hacker to break into your accounts.

3. Use strong unique passwords
Never use identical passwords for multiple accounts. If you do so, you’re making yourself an easier target for identity thieves. Instead, create strong, unique passwords for every account you use. The strongest passwords use a variety of letters, symbols and numbers, and are never mock-ups or replicas of popular phrases or words.

If you find it difficult to remember multiple passwords, consider using a free password service, like LastPass. You’ll only need to remember one master password and the service will safely store the rest.

4. Only use Wi-Fi with a VPN
Did you know you are putting your personal information at risk every time you use the free Wi-Fi at your neighborhood coffee shop (or any other public establishment)? When using public Wi-Fi, always choose a Virtual Private Network (VPN) instead of your default Wi-Fi settings to keep the sensitive information on your device secure.

5. Block robocalls
Lots of identity theft occurs via robocalls in which the scammer impersonates a government official or the representative of a well-known company. Lower the number of robocalls reaching your home by adding your home number to the Federal Trade Commission’s No Call List at donotcall.gov. It’s also a good practice to ignore all calls from unfamiliar numbers, because each engagement encourages the scammers to try again.

6. Upgrade your devices
Whenever possible, upgrade the operating system of your computer, tablet and phone to the latest versions. Upgraded systems will keep you safe from the most recent security breaches and offer you the best protection against viruses and hacks.

7. Shred old documents
While most modern-day identity theft is implemented over the internet or through phone calls, lots of criminals still use old-fashioned means to get the information they need. Dumpster-divers will paw through trashed papers until they hit upon a missive that contains personal information. It’s best to shred all documents containing sensitive information as soon as you don’t need them.

8. Keep personal information personal
Be super-cautious about sharing sensitive data, like your Social Security number and banking PINs, with strangers – and even with friends. It’s also a good idea to use the strongest, most private security settings on your social media accounts to keep hackers out.

9. Invest in identity theft protection
If you’re still nervous about being the next victim of identity theft, you may want to sign up for an identity-theft protection service. Advantage One offers affordable Identity Theft Protection service in conjunction with our Benefits Plus checking account. Other services don’t come cheap, but services like LifeLock and IdentityForce will monitor your personal information online and immediately alert you about any suspicious activity.

Identity theft can be an expensive nightmare. Be proactive about protecting your identity and keep your information and your money safe.

Your Turn:
Which safety procedures do you follow in order to protect yourself from identity theft? Share them with us in the comments.

Learn More:
safesmartliving.com
wisebread.com
centsai.com

All You Need To Know About The Capital One Data Breach

Capital One bank Hq buildingIn late July, Capital One Bank announced that 106 million of its card holders had their data compromised in a massive breach that stretched over four months. Among the victims, 140,000 customers had their Social Security numbers swiped and approximately 80,000 had their linked checking account numbers stolen. No credit card numbers were reported to have been lifted in the breach.

The company fixed the vulnerability immediately and promised to alert all victims of the breach about their compromised data. The alleged hacker has been apprehended and steps are being taken to ensure a breach of this magnitude doesn’t happen again.
The Capital One issue was hardly the first of its kind to hit the news in recent years. Factors like online data and sophisticated hacking tools have spawned a wave of data breaches that have hit all kinds of businesses and service providers, from police departments to eateries, major retailers and online search engines.

In light of the multiple and wide-reaching data breaches over the past few years, experts recommend that everyone, even those who are not Capital One credit card holders, take the following 5 steps to protect their information from hackers:

Freeze your credit – Placing a freeze on your credit is the first and most crucial step you can take to stop scammers from making use of your information. A credit freeze will not affect your credit score, but does serve as a red flag for lenders and credit companies by alerting them to the fact that you may have been a victim of fraud. Consequently, hackers will not be able to open a new line of credit or apply for a loan in your name.
You can now freeze your credit at no cost at all three of the major credit bureaus, Equifax, TransUnion and Experian. You’ll need to provide some basic information, including your date of birth and your Social Security number. You’ll receive a PIN for the freeze that will need to be used for lifting the freeze should the need arise.

Enable two-factor authentication – If you haven’t already, change all of your logins to two-factor (also called “multi-factor”) authentication. Whenever possible, choose a non-password authentication, like face recognition or thumbprint sign-in. This will provide an extra layer of protection against hackers and scammers trying to access your account.
Sign up for credit monitoring – Capital One is offering free credit monitoring for all victims of the data breach. You can find out more about this offer and general information about the Capital One data breach here.

Even if you’re not a Capital One card holder, you might want to consider signing up for credit monitoring to prevent being a victim of a data breach in the future. The service will immediately notify you about any suspicious activity on your accounts so you can stop potential hackers in their tracks. Credit monitoring will run you $10-$30 a month, but you’ll have the security of knowing that the company is on the lookout for any signs of trouble with your credit.

Use strong, unique passwords – Always choose strong passwords for all your accounts and use different passwords for each login. Your passwords should be at least eight characters long, and use a variety of numbers, letters and symbols. Vary your capitalization use as well, and never use your name, phone number or a common phrase as your password.

If you’ve been using your current passwords for a while, consider changing them up now. You can make this task easier by using a password aggregator like LastPass or Sticky Password.

Strengthen your security and spam settings – Never answer emails asking you to share sensitive data, even when they appear to be from legitimate companies. Make sure your devices are fully updated, and keep your spam settings on their strongest levels. It’s also a good idea to keep your social media accounts as private as possible to keep scammers from finding out personal details about your life which they can use to crack open your passwords.

Hackers never stop trying to get at your data, but with the right protective measures in place, you can keep them from seeing success.

Your Turn:
Have you been affected by the Capital One breach? Tell us about it in the comments.

Learn More:
cbsnews.com

usatoday.com

upi.com

capitalone.com

8 Things To Do If Your Identity Is Stolen

Here are eight important actions you can take if you ever become the victim of identity theft.

  • Lock the compromised account.
    • Dispute any fraudulent charges on your compromised accounts and ask to have them locked, or even shut down.
  • Older man looking concerned as he browses files on his laptopPlace a fraud alert on your credit reports.
    • This helps alert creditors that someone may be trying to open accounts in your name.
  • Consider a credit freeze.
    • This will make it impossible for the scammer to open a credit line or loan in your name.
  • Alert the FTC.
  • Strengthen your passwords.
    • In addition to changing them, use strong and different passwords for all your online accounts.
  • Check your account statements.
    • It’s best to do so frequently to look for suspicious activity.
  • Open new credit cards and accounts.
    • Replace compromised accounts that you’ve shut down so you can be inconvenienced as little as possible.
  • Repair your credit.
    • Be extra careful about paying your bills on time and keeping your credit utilization low.

Your Turn:
Have you ever been the victim of credit card fraud? Share your story with us in the comments.

8 Ways To Spot A Job Scam

Young woman looks at a job sheet while verifying information on her smartphone.If you’re in the market for a new job, or you’re looking for extra part-time work, be careful. The Federal Trade Commission (FTC) is warning of a surge in employment scams of every kind. Victims might have their accounts emptied, their identities stolen, or they may even find themselves facing jail time for money laundering charges.

Protect yourself from employment scams by holding up any job you’re considering against this list of red flags:

1.) The job pays very well for easy work
If a job description offers a high hourly rate for non-skilled work with no experience necessary, you can assume it’s a scam. Legitimate companies will not overpay for work that anyone can do. Carefully read the wording of the job pitch. If the deal sounds too good to be true, it probably is.

2.) The job description is poorly written
Scrutinize every word of the job description. If it’s riddled with typos and spelling mistakes, you’re looking at a scam.

3.) They need to hire you NOW!
If a “business” claims the position needs to be immediately filled and they’re ready for you to start working today, assume it’s a scam. Most legitimate businesses will need time to process your application, properly interview you and determine if you are indeed a good fit.

4.) The business has no traceable street address or real online presence
If you’ve spotted a position on an online job board, your first step should be researching the company. Google the company name to see what the internet has to say about them. If you suspect a scam, search the name with words like “scam” and “fraud” in the search string. Look for a brick-and-mortar address, a phone number and a real online presence. If all you find are help-wanted ads and a P.O. Box, move on to better job leads.

5.) You need to share sensitive information just to apply
Does the “job application” you’re looking at seek sensitive details, like your Social Security number and/or a checking account number? Such information should not be necessary just to submit an application. You might even be innocently asked to share details you think are minor, like your date of birth, name of your hometown, first pet’s name or your mother’s maiden name. Of course, these are all keys to open up access to your passwords and/or PINs.

There’s no surer sign you’re dealing with crooks than being asked to share information that practically guarantees you’ll be scammed.

6.) You need to pay a steep fee to apply
Some legitimate companies charge a nominal application fee for hopeful employees. However, if the fee is absurdly high, or the company asks you to cash a check for them and then refund it, you’re being scammed.

7.) There’s no business email
Some job scammers will impersonate well-known companies to look authentic. For example, you might think you’re applying to an off-site job at Microsoft. You’ll be told to email your resume to JohnSmithMicrosoftHR@gmail.com. Your red flag here is the email address: The domain is generic. If the “recruiter” genuinely represented Microsoft, the email address would be something like JohnSmith@HR.Microsoft.com.

8.) The “recruiter” found your resume on a job board you never use
If the “recruiter” claims they’ve picked up your resume on a job board you don’t remember visiting, it’s not your memory failing you. Job-scammers often scrape victims’ personal details off the internet and then pretend to have received a resume. They’ll know you’re looking for a job, and they’ll know enough about you to convince you they’ve got your resume, but it’s all a scam. If someone contacts you about a position you’ve never applied for, or claims to have found your resume on a job board you’ve never visited, run the other way!

As always, practice caution when online. Keep your browser updated and strengthen the privacy settings on your social media accounts. When engaged in a public forum, don’t share information that can make you vulnerable, like your exact birthdate or employment history. Never wire money to people you don’t know well or agree to cash a stranger’s check in exchange for a commission. Above all, keep your guard up when online and use common sense: When in doubt, opt out!

Your Turn:
Have you been targeted by a job scam? Tell us about it in the comments, below!

SOURCES:
https://www.consumer.ftc.gov/features/scam-alerts

https://www.job-hunt.org/onlinejobsearchguide/job-search-scams.shtml

https://www.whatismybrowser.com/guides/how-to-be-safe-online/why-should-i-update-my-web-browser

Simple tips for protecting your parents from financial fraud

daughter helping elderly father check his account onlineAccording to the Federal Trade Commission, older adults are disproportionately affected by fraud.

Whether it’s a phony phone call, phishing scam, or mail fraud, seniors often become targets for scammers who perceive them as easy marks.

While you alone can’t put an end to this shady illegal activity, you can empower you parents with the knowledge to keep themselves—and their finances—safe.

Remind them about “stranger danger”
Your parents probably taught you the concept of “stranger danger” at an early age—and for good reason. Don’t interact with suspicious people. It’s an important lesson that’s relevant to adults as well as children.

If someone you don’t know asks for personal information, it’s probably a scam. Remind your parents to never give out credit card or account information, passwords, or social security numbers unless they can verify the identity of the person or business making the request.

Add their number to the Do Not Call List
When you add your phone number to the The National Do Not Call Registry, the government informs telemarketers not to call you.

Unfortunately, unscrupulous organizations and scammers ignore the registry and may continue to harass your parents, but they should see a reduction in unsolicited calls and text messages from those who abide by the law.

Give them a crash course in online literacy
If your senior parents use technology but aren’t completely familiar with how scams work online, they might not understand what to click and what to avoid.

Spend some time going over how to navigate the internet safely. Most importantly, explain email phishing. Emphasize that they should never click links in unsolicited emails from people or companies they don’t know.

If they use social networks like Facebook, warn them not to share anything too personal as scammers might use this information to impersonate friends or family members online.

Used with permission. © 2019 BALANCE. All rights reserved.

Credit Card Fraud In Fives

Businessman enters credit card number on a laptopNo one wants to be the victim of credit fraud. Aside from the stolen money you may never recover, victims of fraud can be faced with an enormous hassle. That hassle involves the closing of accounts, putting a fraud alert on your credit and a huge ding on your credit history, which can be difficult to fix.

Whodunnit? When we’re talking about credit card fraud, everyone’s pointing fingers at everyone else.

Consumers tend to blame the credit card issuer, but the vulnerability usually lies with the point-of-sale terminal. Tampering with a credit card reader takes just a few minutes and can be done with an inexpensive device that’s available on Amazon. In addition, there are lots of other ways your information can be skimmed, none of which point to a security deficiency with your credit union or credit card company.

Thankfully, there are steps you can take to prevent and recognize credit card fraud before it happens. Read on for all you need to know about credit card fraud in 5 lists of fives.

5 ways your card can be frauded

  1. It’s physically lifted from your wallet.
    The old-fashioned pickpocket is still a very real threat. Invest in a secure wallet and/or purse and always keep your card inside.
  2. A restaurant or bar server skims it.
    When you hand over your card to a dishonest server at the end of a meal, you give them a few minutes to skim your card while it’s in their possession.
  3. A terminal you use is compromised.
    Payment terminals can be tampered with and rewired to transmit your information to scammers. This is especially common in pay-at-the-pump gas stations.
  4. An online breach puts your information on the black market.
    After a company you use suffers a breach, your personal information may be up for sale on the dark web.
  5. Your computer’s been hacked.

Once a scammer gets inside your computer, they have full access to all of your sensitive data.

5 signs a terminal’s been compromised

  1. The security seal has been voided.
    Many gas stations have joined the war against credit card crimes by placing a security label across the pump. When the pump is safe to use, the label has a red, blue or black background. When it’s been breached, the words “Void Open” will appear in white.
  2. The card reader is too big for the machine.
    The card reader is created to fit perfectly on top of the machine. If it protrudes past it, it’s likely been tampered with.
  3. The pin pad looks newer than the rest of the machine.
    The entire machine should be in a similar condition.
  4. The pin pad looks raised.
    If the pin pad looks abnormally high compared to the rest of the machine, the card reader may have been fitted with a new pin pad that will record your keystrokes.
  5. The credit card reader is not secured in place.
    If parts of the payment terminal are loose, it’s likely been compromised.

5 times you’re at high risk for credit card fraud

  1. You lost your card.
    If you misplaced your card – even if it was eventually returned to you – there’s a chance your information has been skimmed.
  2. You’re visiting an unfamiliar area.
    When patronizing a business in an unfamiliar neighborhood, you don’t know who you can trust.
  3. A company you use has been breached.
    If a business you frequent has been compromised, carefully monitor your credit for suspicious activity.
  4. You shared your information online with an unverifiable contact.
    If you’ve willingly or unwillingly shared sensitive information online and you’re not certain of the contact’s authenticity, you’ve likely been frauded.
  5. You downloaded something from an unrecognizable source.
    Have you accidentally downloaded an attachment from an unknown source? Then your computer has likely been compromised and you’re at risk for credit card fraud.

5 ways to protect yourself against credit card fraud

  1. Check all card readers for signs of tampering before paying.
  2. Never share your credit card information online unless you’re absolutely sure the website you’re using is authentic and the company behind it is trustworthy.
  3. Check your monthly credit card statements for suspicious activity and review your credit reports on a frequent basis.
  4. Use cash when patronizing a business that’s in an unfamiliar area.
  5. Don’t download any attachments from unknown sources.

5 steps to take if your credit card has been frauded

  1. Lock the compromised account.
    Dispute any fraudulent charges on your compromised accounts and ask to have them locked or completely shut down.
  2. Place a fraud alert on your credit reports.

  3. Consider a credit freeze.
    This will make it impossible for the scammer to open a line of credit in your name.
  4. Alert the FTC.
    Visit identitytheft.gov to report the crime.
  5. Open new accounts.
    Begin restoring your credit with new accounts and lines of credit.

At [credit union], we’ve always got your back! Call, click, or stop by today to ask about steps you can take to protect your information from getting hacked.

Your Turn:
Have you ever been a victim of credit card fraud? Share your story with us in the comments.

SOURCES:

https://www.thebalance.com/how-credit-card-skimming-works-960773

https://www.thebalance.com/more-at-risk-of-credit-card-fraud-960780

https://www.makeuseof.com/tag/credit-card-fraud-works-stay-safe/

http://gizmodo.com/home-depot-was-hit-by-the-same-hack-as-target-1631865043

How To Protect Yourself From Identity Theft

Computer hacker staring through computer screenChances are, you or someone you know has had their identity stolen at one point or another. It can be expensive, stressful and extremely complicated to recover from. Here are seven ways to help protect yourself and your most important data from identity thieves.

1. Secure Your Hardcopies
Most of us think of identity theft as a digital crime, but many thieves are just as eager to get their hands on your paper documents. While online accounts are password-protected, important paper documents are often left in a drawer or simply tossed in the trash, where dumpster-diving thieves can find them.

What’s the solution? Buy a safe and a shredder. What’s not shredded goes in the safe. Of course, the same level of care should go into protecting your physical credit cards. Don’t put your wallet in your back pocket. Make it a habit to check to see you have all your cards and IDs when you get home at the end of the day. This will help you be aware of missing items earlier so you can cancel lost or stolen cards before too much damage is done.

2. Examine Your Financial Statements
Reviewing your financial statements is a good practice. Not only will this help you track financial habits, it will also alert you to any fraudulent charges. Credit unions and banks do a lot to protect consumers from fraud and identity theft, but only you know what you purchased and what you didn’t, so look closely at those statements!

3. Choose Good Passwords
Many people have one simple password they use for all devices and platforms. This is convenient, but dangerous. Yes, there is reason to worry that having multiple hard-to-remember passwords may make it more difficult for you to access your own accounts, but potential identity thieves will have a more difficult time too.

If you’re worried about remembering your own passwords, check out these easy and safe ways to store your passwords from Gizmodo.

4. Protect Your Computer
Malware is just one way identity thieves steal your data. Invest in a good and reputable antispyware program to make sure your hardware is safe from invaders.

Another way to protect your computer is to encrypt your hard drive. Apple computers and PCs alike will offer the option to encrypt all data in your hard drive. Go to your security settings and choose to activate the encryption option.

5. Be Aware of Suspicious Emails and Websites
If an email looks suspicious, it probably is. Make your email inbox a tightly curated collection. If you have too many promotional emails, start clicking the unsubscribe button. This will help you spot suspicious, unsolicited mails.

The same goes for websites. Your browser or antivirus software may try and warn you about suspicious websites before you enter them. Don’t disregard those warnings.

6. Use Two-Factor Identification
The most convenient option is not always the most secure, but given the choice between convenience and security, your best bet is the more secure one. Two-factor identification for email accounts and other important online accounts will add an extra step to the security process for log-ins, most often making use of your phone number as well.

7. Secure Your Wi-Fi and Avoid Public Wi-Fi
Public Wi-Fi is often insecure and can be a great way for thieves to get to your data. Steer clear if you can. If you have no choice, be sure to avoid all online banking or password logins while using public Wi-Fi. Additionally, be sure to secure your own home Wi-Fi with a unique and hard-to-guess password.

SOURCES:
http://www.identitytheftkiller.com/10-ways-to-avoid-id-theft.php
https://www.wikihow.com/Prevent-Identity-Theft

Look Before You Pump! Be Careful When You Use Your Card At The Gas Station

Two young ladies filling up car at gas stationHow many times a month do you fill ‘er up? It’s a mindless chore, but did you know it can also be the beginning of a financial nightmare? Gas pump skimming is an old crime that’s made a comeback – and your debit card may be at risk.

Every day, 29 million Americans pay for fuel using a credit or debit card. However, compromised pumps with skimming devices installed by scammers have recently been found in several states.

Since these skimmer devices are almost invisible, they can be really difficult to spot, enabling them to easily capture the information of up to 100 cards a day! And, thanks to Bluetooth technology, the criminal doesn’t even need to return to the scene of the crime to collect the data their skimmer has obtained; it can all be done remotely from as far as 100 yards away.

Yes, EMV-enabled technology has become more commonplace, but gas stations were given until 2020 to update their payment systems. This makes them even more vulnerable to such hacks.

Protect yourself against this heinous hack by arming yourself with all you need to know about card skimmers.

How it works
Hackers choose their gas pumps wisely. They usually opt to outfit the one that is farthest from the on-site convenience shop. This way, their activity is out of the range of any security cameras at the shop’s entrance. The hacker will then place a skimming device on top of the pump’s card reader. It will usually be identical to the existing reader, with only a few and hard-to-spot differences.

Sometimes, hackers may place a skimmer inside the pump itself. This task can be done in less than a minute. The hacker can then leave the area and access all the data being collected by the skimmer, with no one being the wiser.

Choose your payment method wisely
You may consider giving yourself extra protection by using a credit card or cash to pay at the pump. A credit card may be compromised just like a debit card, but you can easily dispute fraudulent charges made on your card. Depending upon your financial institution, your debit card may offer minimal purchase protection.

If you want the safest payment method, cash is a good bet. However, remember that cash cannot be replaced if lost or stolen.

How to spot a skimmer
If you don’t like the idea of carrying around wads of cash, you can still protect yourself against skimmers. Use caution while at the pump, and learn how to spot a skimmer. If something looks suspicious, move on to the next pump and report your findings to the local police as well as the gas attendant on duty.

4 ways to spot a skimmer:

  • Use your eyes. Check out the card reader very carefully. Do the numbers on the PIN pad look raised? Do they look newer or bigger than the rest of the machine? Does anything look like it doesn’t belong? Is the fuel pump’s seal broken?
  • Check the tape. Many gas stations place serial-numbered security tape across the dispenser to protect their pumps from skimmers. If the tape has been broken, or there’s no tape on the dispenser at all, it may have been compromised.
  • Use your fingers. Feel the card reader before sliding your card into the slot. Do the keys feel raised? Is it difficult to insert your card? These are both red flags that the card reader may have been fitted with a skimming device.
  • Use your phone. There are several free anti-skimming apps you can install on your phone, such as Skimmer Scanner. Using these apps, you can scan a card reader for a skimming device and get an alert if one is detected. You can also check your phone’s Bluetooth to see if any strange letters or numbers appear under “other devices.”

General card safety
It’s always a good idea to practice general safety when using a card to pay at the pump.

Choose the pump that is closest to the store and always cover the number pad with your hand when inputting your PIN. If you haven’t yet updated to a chip card, now’s the time to do so. It’ll offer you an extra layer of protection. It’s also a good idea to periodically check your account statements for suspicious charges.

Your Turn:
How do you pay at the pump? Why do you choose this method? Share your thoughts with us in the comments!

SOURCES:
https://budgeting.thenest.com/problems-using-debit-cards-gas-pumps-23710.html

https://www.creditcards.com/credit-card-news/gas-pump-atm-skimmers.php

http://news4sanantonio.com/news/local/skimming-devices-found-on-pumps-at-northwest-side-gas-station

All You Need To Know About The Ticketmaster Breach

Ticketmaster logoHackers are at it again! This time, they’re skimming information on third-party sites in what may be the largest credit breach ever.

To that end, in late June, Ticketmaster announced that several of its sites had been compromised. Recent research, though, has revealed that this breach was only a small part of a massive credit card-skimming hack that may have affected more than 800 e-commerce sites.

Here’s what you need to know about the Ticketmaster breach:

What happened?
Ticketmaster revealed that customer information on several of its sites was compromised. The ticket-selling giant claimed no U.S. sites — or customers — had been hacked.

However, cybersecurity firm RiskIQ has said that more than 800 international e-commerce sites have been compromised in this hack.

Sites like Ticketmaster often rely on a third-party code that’s hosted on other sites to support their own payment systems. Third-party codes present a single point of failure. That means, if this code is breached on its host site, every site that uses the code will then be compromised.

That’s exactly what happened with Ticketmaster. Several of the ticket giant’s websites ran code from Inbenta, a customer support software company. When Inbenta was hacked, the sensitive information of these customers was compromised.

Though Inbenta claimed only these Ticketmaster customers had been affected by the hack, RiskIQ has found that some of Ticketmaster’s global sites – including its U.S. site – was running code from SocialPlus, another third-party that had been compromised by the same group that hacked Inbenta.

The breach gets even worse: All websites that relied on code hosted on Inbenta or SocialPlus were also compromised. The number of hacked sites has been estimated to reach 800.

The hack was executed quietly and efficiently. Scammers changed the code on the host sites to skim the credit card information being entered at checkout on the e-commerce sites. Since each code can be used on numerous sites, compromising this point can give hackers instant access to the information of 10,000 victims.

Who is behind the attack?
RiskIQ has identified Magecart as the hacking group behind the attacks. This group has been active since December 2016, and RiskIQ has been tracking them for nearly as long.

The hacking group targets software companies that provide codes for e-commerce websites. By altering these codes, the hackers can skim information from millions of customers every day.

According to Yonathan Klijnsma, a threat researcher at RiskIQ, the Ticketmaster breach has a larger impact than any other credit card breach to date.

While the cybersecurity firm did not name specific compromised sites beyond Ticketmaster, it did disclose that close to 100 top-tier sites have been breached, including large brands and popular online retailers.

What should I do if my information has been compromised?
Unfortunately, with the point of failure in this hack taking place at a third-party site, there’s not much you can do to protect your information from being compromised. However, by taking immediate action if you’ve been hacked, you can mitigate the damage to your credit and help law enforcement agents apprehend the hackers as quickly as possible.

If your information has been compromised, take the following steps:

  1. Place a fraud alert on your credit accounts. This will warn creditors that you may have been victimized by identity theft and make it harder for a scammer to use your credit identity.
  2. Consider a credit freeze. This will make it impossible for a hacker to open new credit in your name.
  3. Alert the Federal Trade Commission. Let the FTC know you’ve been hacked at ftc.gov.
  4. Tell your bank or credit union. Don’t forget to tell us that your information has been compromised. We’ll help you determine your next step and guide you until your credit has been cleared.
  5. Dispute fraudulent charges. If you find any suspicious charges on your credit account, dispute them immediately. To do this, contact the associated financial institution and file a police report as well.

Scammers never take a break. Make sure you know what to do if your information has been hacked!

Your Turn:
Have you ever been the victim of a credit breach? Share your experience with us in the comments.

SOURCES:
https://www.nafcu.org/newsroom/more-800-e-commerce-sites-targeted-cyber-attack?utm_source=NAFCU+Today&utm_medium=Email&utm_campaign=daily+news

http://www.nbc-2.com/story/38649397/ticketmaster-data-breach-part-of-larger-credit-card-scheme-report-finds

https://www.google.com/amp/s/www.zdnet.com/google-amp/article/ticketmaster-breach-was-part-of-a-larger-credit-card-skimming-effort-analysis-shows/

https://www.riskiq.com/blog/labs/magecart-ticketmaster-breach/

Protecting Yourself Against Card Cracking Scams

Person in front of screen selecting fraud  prevention iconIn a recent scam targeting cash-strapped millennials, fraudsters are once again cashing in on people’s naivety and goodwill. Only this time they’re using social media to make it happen.

What makes the scam especially cruel is that fraudsters specifically look for victims who are short on funds, such as students with large loans hanging over their heads, struggling single parents or young professionals searching for a job. People who are desperate for cash also prove to be desperate enough to believe almost anything that will help them earn them a quick buck. Unfortunately, this vulnerability, coupled with the broad reach and easy plundering that scammers are granted by using social media, has made card cracking more successful in luring victims than many other scams.

Card cracking scams start with an innocent-looking social media post that appears like the dozens you scroll through every day. The post may show up on the victim’s Twitter feed, Facebook page or on Instagram, and it will always showcase some form of quick cash. It might be an easy-to-win contest with a huge reward for the winner. It can be a dream job that will instantly be yours – as soon as you follow the instructions. It may even be a complete giveaway, such as a cash bonus or a gift card that you’ll be granted just for sharing some information. If you click on the embedded link, you’ll be asked for your checking account information, your PIN or your online banking credentials.

Once the scammers have this information, they can do any number of things with their prize, from withdrawing large sums of cash from your account to using your debit card number for a massive shopping spree. They may even help themselves to funds you have in your account, such as a paycheck or student loan.

In another iteration of card cracking, scammers will tug on victims’ heartstrings, claiming their personal accounts are frozen and they have no access to money. They’ll ask the victim to allow them to access the victim’s account for simple transactions such as depositing checks. Once the checks are in, the scammer will cash in on the amount, and a few days later, when the check bounces, the scammer will be long gone. This variation is sometimes played out in person, on college campuses.

In yet a third scheme, card crackers promise victims a cut of fraudulent funds if the victim allows them to use their account. Victims often rationalize this crime by assuring themselves that they’re not actually playing a part in the fraud. Of course, they will still be held accountable when the scammers are busted.

Sadly, falling victim to a scam can be especially harmful for a millennial who is just beginning to build their credit history.

Don’t be the next victim. Here’s how to protect yourself from card cracking:

1.) Never share personal information with a stranger
You’ve heard it a thousand times, but this rule cannot be overstated. Never share sensitive information with a correspondent whose identity you can not verify with absolute certainty. You wouldn’t think of giving your checking account number to a solicitor you met on the street; why would you share it with a stranger online?

Of course, victims of card cracking and similar schemes believe the scammers are legitimate. That’s why it’s important to authenticate a web address, company or offer by asking for a street address or phone number. Additionally, by educating yourself about these scams, you’ll be able to spot one immediately.

2.) When it’s too good to be true, it usually is
Remembering this rule of thumb will go a long way toward helping you recognize scammers. Free or easy money exists only in fairy tales. Don’t believe the Facebook post that promises you’ll land that dream job you’ve been searching for if you only hand over your account passwords. Ignore the offer for a free gift card and don’t believe the sob story about frozen accounts leaving people penniless.

3.) Never cash a check for someone else
You are not a credit union or a check-cashing business. If someone approaches you in person or online and asks you to cash a check for them, politely refuse. Unless you would trust this person with your life, there is no reason to believe their tale is legitimate or that their check will be honored.

4.) Report suspicious activity
If you notice any suspicious activity on your account, report it immediately. You may have fallen prey to a card cracking scam and you don’t even know it!

Scammers may be smart, but you can be smarter. When you’re educated, alert and aware, you’ll be able to spot most scams before it’s too late.

Your Turn:
Have you recently spotted any card cracking scams on your social media platforms? Share what tipped you off in the comments!

SOURCES:

http://info.rippleshot.com/blog/what-you-need-to-know-about-card-cracking
https://www.google.com/search?q=card+cracking+scam&rlz=1CDGOYI_enUS753US753&oq=card+cracking&aqs=chrome.1.69i57j0l3.10532j0j7&hl=en-US&sourceid=chrome-mobile&ie=UTF-8
https://www.nextadvisor.com/blog/2016/07/18/know-about-card-cracking-scams/