Posts Tagged ‘scams’

Medicare Fraud. How We Can Fight it.

Wednesday, September 18th, 2019

Today we bring you a blog post from guest blogger and NJFA friend Charles Clarkson, Project Director of the Senior Medicare Patrol of New Jersey.


By Charles Clarkson, Project Director, Senior Medicare Patrol of NJ

 

Medicare fraud is estimated to cost American taxpayers $60 billion a year, monies that are siphoned off and are not available for legitimate Medicare services. At the Senior Medicare Patrol of NJ (SMP), which is a federally funded program, we want to educate Medicare beneficiaries so they do not become victims of Medicare fraud. There are steps Medicare beneficiaries can take to fight this fraud. The most important step is to protect your Medicare number. Even though Medicare issued new Medicare cards to all beneficiaries with randomly generated numbers and letters and removed the social security number from the cards, the Medicare number (now known as the Medicare Beneficiary Identifier) is still very valuable to fraudsters who can use it to bill Medicare. Beneficiaries should not give out their Medicare numbers to anyone they don’t trust. This is especially true for the many beneficiaries who receive robo calls on a constant basis. The rule of thumb is to never pick up the phone if you do not recognize the telephone number on your message machine. Let the message machine screen all of your calls and then you can decide to return the call or not. Most beneficiaries will find that no message is left and they can then ignore the call.

The next step is to always read your Medicare Summary Notice (MSN), the document a beneficiary receives from Medicare usually 3 months after seeing a Medicare provider. It is important for beneficiaries to review their MSN, not just because of fraud but because mistakes can also happen.

Step three is to keep a personal health care journal or calendar. Record every time you see a medical provider, take a test or have other services provided. When you get your MSN compare it with your journal or calendar. Make sure you are not being scammed. If you are not sure something is fraud or you have a question about the billing, call your provider and ask for an explanation.

Step four is to report any suspected fraud or error. This step is vitally important. Failure to report will translate into the provider getting away with any fraud or errors. Remember, this is your money. You pay Medicare premiums, co-pays, co-insurance, deductibles and other charges. If you need assistance in fighting Medicare fraud, as you were unable to resolve it yourself, call the SMP. Our telephone number is 732-777-1940 and our hot-line number if 877-SMP-4359. A beneficiary can also use our web-site to report a fraud on the form provided. Visit seniormedicarepatrolnj.org

Even if you are not sure if it is fraud but need questions answered, call us. We are a free service and we are here to help. Every beneficiary should feel empowered to help fight Medicare fraud. At the SMP we want to keep Medicare as a viable program that is there for every beneficiary.


Charles Clarkson is Project Director of the Senior Medicare Patrol of NJ

Scams and Tech, Part 3: Kicking Scammers to the Curb

Thursday, March 21st, 2019

By Mason Crane-Bolton

Make yourself a to-do list for completing these tips | photo via stock photos

We’ve already given you some tips to protect yourself against the scammers we’ve listed in this series, but what else can you do? How can you best ensure you’re safe from scams and scammers?

Sadly, there is no silver bullet, no perfect solution that will guarantee you’ll never be in contact with scammers or never fall victim to a scam. But there are many steps you can take to help protect yourself. These steps can be easily divided into two categories: proactive and reactive. Proactive steps are ones you can take to help ward off scammers—these are the best steps to take because they help prevent financial and/or identity loss. Although reactive steps aren’t as ideal, they’re a good way to handle scams after you believe you’ve been contacted by a scammer or have been scammed.

Proactive

  • Consider opening an account for your Social Security number (SSN) at https://www.ssa.gov/myaccount/ to monitor your Social Security account.
  • Consider freezing your credit—this option may help prevent identity theft, but don’t freeze your credit if you plan on making a major purchase in the near future, such as a car, boat or home. Credit checks run while your credit score is frozen will hurt your credit score.
  • Monitor your credit throughout the year. You’re entitled to free credit reports from Experian, TransUnion, and Equifax once per company per year. Rather than get all three at once, spread these reports out every four months to stay vigilant. You can learn more at https://www.annualcreditreport.com/index.action.
  • Never email or text your Social Security number or banking information, such as credit card, account, or routing numbers.
  • Never give your SSN or credit/banking information to someone who reaches out to you.
  • Educate yourself on the latest scams—scams tend to come in droves, so it’s helpful to learn what scammers might approach you with.
  • Install virus and malware protection on any device connected to the internet, including (but not limited to) computers, tablets, and smart phones.
  • Consider adding a trusted contact to your bank accounts—if unusual spending is noticed, your bank can alert you and your trusted contact (this may be particularly useful if you’re the victim of a romance scam).
  • Read reviews for organizations and businesses that send solicitations before engaging with them.
  • Look for the fine print on solicitations you receive. If a solicitation references a relationship with another business you know (say, your mortgage company or landlord/apartment management), contact that business directly to investigate the mail/email/text/phone call you’ve received.
  • Double-check any potential romantic/friend dates before pursuing a meeting or relationship. Let people you’re close to know about anyone involved in your life (even if the relationship is online-only).
  • Don’t open any emails or click on links or attachments you’re not expecting. This goes not just for emails from strangers but emails from loved ones—Scammers can hack into accounts or disguise their email address as coming from someone in your list of contacts.
  • Use your caller ID on your phone and let calls from unknown numbers go to your answering machine or voicemail. If you’re worried about missing an important call, you can always use the general principle, “If it’s important, they’ll leave a message.”

 

But maybe you’ve already gotten a suspect phone call, or a strange voicemail. Maybe you’ve realized, too late, that the person you gave your credit card number or sent money to wasn’t who they said they were. If these things have already happened, then it’s time to take reactive steps.

Reactive

  • If you receive a call you believe is a scam, hang up the phone immediately. If caller claims to be a from a legitimate business or organization, hang up the phone—reverse search and contact the actual organization. Ask if the organization has contacted you.
  • If you’ve opened an email that seems fishy, delete it immediately. DO NOT click on any links in the email!
  • If you’ve given your credit or banking information to someone you later suspect is a scammer, report this to your financial institutions and request new card and account numbers.
  • Report any attempted scams.
  • If you’ve been a victim of a scam, report it—your report will help you AND might prevent someone from being scammed in the future.
  • You can report fraud to the Federal Trade Commission at ftc.gov/complaint.
  • To report Social Security scams, call the Office of the Inspector General at ?1-800-269-0271 or report online at https://oig.ssa.gov/report.
  • If you or someone you know has been the victim of an online scam, register a complaint with the Internet Crime Complaint Center (IC3) at https://www.ic3.gov/default.aspx or with the New Jersey Division of Consumer Affairs at http://www.njconsumeraffairs.gov/ or by calling 800-242-5846 (toll-free in NJ) or 973-504-6200.
  • Don’t be embarrassed or ashamed to report it if you’ve been the victim of a scam—scams can happen to anyone.

 

While this is not a comprehensive list, these suggestions can help guard you against tech-based scams or help you even after you’ve found yourself to be victim of a scam. Remember, scams can pop up anytime, from anywhere, and are especially prevalent through all of our tech-devices. Remaining vigilant and working to minimize your exposures to scams is the best way to prevent being scammed. But if you are the victim of a scam, report your scam to the proper authorities—your report could help you and could prevent someone else from being scammed!

We hope you’ve enjoyed this series on tech-based scams! Come back in April for our newest blog!


Mason Crane-Bolton is Communications Manager for the New Jersey Foundation for Aging. His writing has appeared in EpiphanyUU WorldTo Wake/To Rise, and others. 

Scams and Tech, Part 2: Sweetheart Scams

Thursday, March 7th, 2019

By Mason Crane-Bolton

Are they interested in you, or your money? | photo via unsplash.com

In part one of our tech-scams series, we talked about the all-pervasive en-masse scams, the kinds of scams that flood your inbox and phone. Today we talk about a scam more sinister and possibly more dangerous, the romance scam.

Romance scams, also known as “sweetheart” scams, are one of the most prevalent tech-based scams. These scams may start off all “<3”s and “XOXO”s, but they end with heartbreak, $0.00 in your bank account, and maybe your stolen identity.

Romance/sweetheart scams are longer, more intense scams than the scams in the first installment of our tech-scams series. Sweetheart scams typically start online on dating websites or internet forums, but can quickly migrate to messaging services, emails, phone calls, or text messages. Many people fall victim to romance scams because of their long, drawn-out nature. It’s important to note that these kinds of scams aren’t new, but they’ve become easier for scammers to instigate with the advent of the internet, dating websites, and social media apps. It’s also important to know that although sweetheart scams are most common through internet-based channels, they can and do still occur offline through newspaper personal ads, etc.

Sweetheart scams target adults across all ages, but they’re more prevalent among older adults. And they’re successful. What does this mean and why? How can you protect yourself? How do romance scams work?

Some victims believe they’ll be quick to pick up on the lies, others may be blinded by an attraction or feeling of affection for the person they believe the scammer to be. Although it’s easy to think we can always tell if someone is interested in us or just our wallets, the truth is, it isn’t that simple. In romance scams the scammer is interested in a bigger payout, so they’re willing to invest more time and energy into the scam. This means they put a lot more effort into gaining your trust and access to your money and information. Long before they’ve talked to you, they’ll already have their stories straight. They’ll already have pictures they can send to you, phones they can use to call you, and plausible reasons why they can’t meet you or why they might run into financial troubles.

And, despite their name, sweetheart scams aren’t always overtly romantic in nature. Although the relationship between the scammer and victim is often under the pretext of dating or romance, the relationship may be seen as a friendship or companionship by one or both parties. Some people fall victim to these scammers because they believe sweetheart scams always involve overt romance or dating. The sad reality is that plenty of people have been scammed out of their money or identity believing they’re helping a dear “friend” they’ve met online.

So it can be easier for people to fall prey to sweetheart scams. But why is it so hard to get out of them? Won’t somebody in that person’s life notice? Won’t the victims eventually realize what’s going on?

 

While this isn’t an exhaustive list, suffice it to say there are many reasons it can be more difficult to get someone out of a romance scam, or even to notice one is occurring. Some of these reasons include:

  • The victim may be secretive about the relationship or may not divulge certain details (Even in the best, non-abusive, of circumstances, many of us are unlikely to tell friends and family how much money we’ve loaned or given to our significant other)
  • If the victim or the victim’s closest contacts aren’t scam-savvy (or if cognitive issues play a role) it may be harder for the victim to recognize red flags, such as common scamming techniques
  • Affection and attention are crucial to our happiness and health—If the victim is, or feels, isolated they may be more susceptible to sweetheart scams
  • Scammers may use “gaslighting” to make victims doubt themselves—“Gaslighting” refers to a technique common in abusive relationships where the abuser manipulates their victim into questioning their own perception of reality or sanity
  • Even if the victim has concerns, they may be too embarrassed to ask for help

 

Romance scams can be extremely difficult for not just the people directly involved, but for the people around the victim as well. Sweetheart scams prey on our need for love, affection, and companionship, and it can be incredibly painful to admit there’s a problem. It can be even harder to give those things up—even if the scammer’s “affection” isn’t genuine. The victim’s loved ones may also find themselves between a rock and a hard place: they don’t want to see their loved ones continue to be financially abused, but they also may come against a defensive victim who is unwilling to believe their boyfriend/girlfriend or friend is really taking advantage of them.

Across the country (and globe), there are countless stories of sweetheart scams and their victims. People who have been left bankrupt, had their identity stolen, or, at the very least, had their sense of safety and stability disrupted. Sadly, there are still many more victims out there who will never come forward out of feelings of embarrassment or shame. Some victims can recoup some of their losses through the legal system, but, unfortunately, most won’t see any of their money returned. The best way to avoid the losses caused by a romance scam is to steer clear of them through education and vigilance.

 

Here are some common tricks look out for:

  • The person claims to be in the military and unable to access funds (impersonating soldiers deployed overseas is a common tactic used by scammers. The U.S. military and U.S. government warn that you should not send money to anyone overseas or with these claims)
  • The person claims they have a large amount of money they’re currently unable to access (but promise to share this wealth with you in the future)
  • The person can never meet in person—or they make plans to meet but need to cancel after an emergency or tragedy (or they never show up at all)
  • The person consistently asks to borrow money
  • They ask for personal information that could be linked to your financial information
  • They ask for access to your financial information or accounts (they may use this for future identify theft or monetary theft)
  • It’s a “whirlwind” relationship
  • They ask you to send wire transfers, gift cards, or electronics
  • Reverse check the picture of your date—if the picture is attached to more than one profile, this is a major red flag
  • It seems “too good to be true”—whether it’s their profession, their photos, their financial situation, a combination of these factors or something else entirely, follow the old adage “If it’s too good to be true, it probably is.”

 

Dating websites, apps, and online forums can still be wonderful places to meet people for romance or friendship. The prevalence of romance scams doesn’t mean you need to throw out your computer or delete your apps, but it does mean you need be consistently vigilant and careful.

Just as you would with a blind date, let trusted people in your life know who you’re talking to online. They can help be a barometer for “normal” or “suspect” behavior and can alert you when something seems fishy—listen to their concerns and take them seriously, they are looking out for you.

If you or someone you know has been the victim of an online scam, register a complaint with the Internet Crime Complaint Center (IC3) at https://www.ic3.gov/default.aspx or with the New Jersey Division of Consumer Affairs at http://www.njconsumeraffairs.gov/ or by calling 800-242-5846 (toll-free in NJ) or 973-504-6200.


Mason Crane-Bolton is Communications Manager for the New Jersey Foundation for Aging. His writing has appeared in EpiphanyUU WorldTo Wake/To Rise, and others. 

Scams and Tech, Part 1: The En Masse Scams

Thursday, February 21st, 2019

By Mason Crane-Bolton

 Are you safe from scams? | photo via pexels.com

We know about tech. We know about scams—scams where older adults are often the target. But what do we know about how tech and scams overlap?

Wherever you live and however tech-savvy you consider yourself, it’s more than likely you encounter scams on an almost daily basis. Many of these scams may sound familiar: barely-legal businesses send flyers to your home insinuating to be affiliated with state or local agencies, or that urgent repairs need to be done to your residence; door-to-door or supermarket “magazine subscription sellers” try to get cash for magazines that will never come; a stranger who haunts a local business and always needs money for gas, etc. This isn’t a reason to give up on people or to believe that everyone you meet is out to do you wrong, but it is a reason to educate yourself and become “scam-savvy.” And where being scam-savvy may be more important than ever is in the use of those pervasive, everyday tools: our tech.

Why are there so many tech-based scams? Technology provides a quick and simple way for scammers to attempt scams on, literally, millions of people simultaneously at little to no cost. Scammers can send you emails, phone calls, and texts from anywhere in the world at any time. They can attach malware or spyware, infect your computer, get your information and your money. While there are some basic tools you can use to protect yourself from the uninvited scammers (antivirus programs for anything that connects to the internet—this includes not just computers, but smart phones, tablets, etc.) the most basic tools are free and always available: arming yourself with information, vigilance, and skepticism.

The tactics of most scammers are basic and easy to see through—so why do we fall for them? It’s not because we’re stupid or naïve—it’s because scammers also prey on our basic emotions: fear and love. The tactics of most scammers are to threaten either ourselves or someone we love.

Now, does this mean you can expect to get action movie-style emails in your inbox or texts to your phone? “Give me the last four digits of your Social Security Number or Fido gets it”? No, I don’t think that’s something you need to worry about. But what may happen is something like a call from the “IRS”—“We have recently opened a claim against you. Your bank accounts and benefits will be frozen unless we can confirm your Social Security Number,”—or from a “friend” of a loved one—“Hi, I’m a friend of your grandson and he just got arrested. He can’t make the call, but asked me to call you. Can you send a wire transfer for bail money?” Or you could get a seemingly legitimate email that appear to be from a well-known business, like Apple or Amazon.com, that claims your account has been locked, you’ve won a gift card, or someone has racked up huge charges to your account. (There are several other scams out there; the scams listed above are only a few examples of some of the currently common scam scenarios.) So, if and when you get these messages, what can you do?

First, don’t immediately react to your impulse of fear for yourself or a loved one. Don’t click on any links in an email, don’t rush off to send a wire transfer, and don’t give away any personal information, including your Social Security Number. Instead, stop, think, and confirm. Immediately hang up on any suspicious calls. If you have a concern about any claims against you or a freeze of your Social Security benefits, hang up and call the IRS (1-800-829-1040) or Social Security Administration (1-800-772-1213 or TTY  1-800-325-0778) directly. Even if the number that called you appears to be coming from a legitimate government agency, don’t trust it (scammers can disguise their phone numbers easily) and call the agency directly. If you receive a call that a friend or relative has been arrested or is in the hospital and needs money call that person first to check out the story (some individuals have reported tricking the would-be scammer by giving a false name for the loved one, birthday, etc. to verify the scam is a scam, but we recommend hanging up immediately to spend as little time talking to the scammer as possible). And if you receive an email from a business, go directly to that business’s website and verify whether there is any problem with your account (or call customer service). Never give any financial information or personal information in any of these scenarios where you did not initiate contact.

You can report fraud to the Federal Trade Commission at ftc.gov/complaint. To report Social Security scams, call the Office of the Inspector General at ?1-800-269-0271 or report online at  https://oig.ssa.gov/report.

Scams like these are usually quick and dirty and easier to see through. The scammers aren’t too likely to hound you constantly—when you don’t fall for the scam, they’ll just move onto the next person so they can make a buck. And usually (but now always) this means they’re a little easier to spot and avoid. The IRS and SSA won’t send you robo-calls or leave automatic voicemails, your grandchild or friend isn’t likely to have a third party call you while they’re in jail, and you’re probably not the winner (but we can dream) of a $1,000.00 Amazon gift card. But what other common scams are out there?

Check back on March 7th for part 2 of our tech-scam series: One of the other most common scams aimed at older adults? “Sweetheart” scams.


Mason Crane-Bolton is Communications Manager for the New Jersey Foundation for Aging. His writing has appeared in EpiphanyUU WorldTo Wake/To Rise, and others. 

Cybersecurity: Where does it begin? Where does it end?

Thursday, May 31st, 2018

Mitchell Feather, Vice-President, Creative Associates

 

It seems like every day brings news of more cyber threats and breaches, which seems to leave you with more questions than answers. Has my information been stolen? How should I respond? What can I do to protect myself? What can I do to detect and avoid threats?

Companies may take measures to protect – or share – your information. Regardless of new technologies, tools, patches, laws, and regulations, there is one unwavering fact: Cybersecurity begins with you – and ends with you. What you do or don’t do is critical and that cannot be overemphasized. When it comes down to it, you control what you do or don’t do to protect yourself, your money, and your information. And you cannot delegate that responsibility.

Protect Your Tools and Toys: The first thing you should do, if you haven’t already, is to ensure that you have installed the appropriate software and that the appropriate settings have been enabled (or disabled) to protect your computers, smartphones, tablets, etc.

You should have antivirus/antimalware software/apps installed on all of your devices. There are a number of very good products to choose from such as Sophos, McAfee, and Malwarebytes. Even though it might be tempting to install just free versions of some of these, you should look at the paid versions. They generally offer more features that can enhance your security and peace of mind.  

One thing that you must NOT do is respond to pop-up alerts that warn you that your device has been infected and recommending that you click on a link or button to install software to protect your computer or device. If you click on that link or button, you will probably achieve just the opposite and infect your device. More about this later.

Sometimes, while browsing websites, you may end up on a malicious web page that that results in your computer or device becoming infected. This is why a utility like McAfee’s WebAdvisor can be very helpful, and it is a free download which offers a number of protections. If you are looking for similar utilities, be careful with what you find in your search results. Some malicious threat actors have paid ads for product names that sound very legitimate but, in reality, are carefully thought-out schemes that are designed to trick you into installing malicious software.

Plan For the Worst: Sometimes, no matter how hard you try, bad things still seem to happen such as lost or stolen smart phones or computers or ransomware infections. This is one of the reasons you should always make backups of your devices – and keep the backups current. Procedures vary depending on the type of device. For Windows and Apple computers, you can backup hard drives you have physically connected to your computer or you can back up to a number of cloud services. For Android and Apple devices, there are settings on the devices to allow for automatic backups to Google or iCloud, respectively. Whether you are backing up to a USB-connected hard drive or to a cloud storage service, you want to make a practice of disconnecting it from the computer after you make the backup. Some variants of ransomware are “smart” enough to not only access all of your computer’s files, but they will also seek out any backups you may have and gain access to those as well.

Now, Assume the Worst: It is not unrealistic to assume that your personal and/or financial information has already been compromised by one or more of the many breaches that have occurred last year or prior. This means that you should be monitoring your financial assets.

You are entitled to a free copy of your credit report from Equifax, Experian, and TransUnion every 12 months. Nobody says that you have to take them all at once. Spread them out so you are getting a copy of your credit report every 4 months and review them carefully for signs of unusual activity or identity theft. You can order the free reports from annualcreditreport.com. That same website can also help explain what you should be looking for when you review your credit report. And do not think somebody is too young or too old to bother with this task. If somebody has a social security number, then their credit reports should be monitored.

Also, many banks now offer free credit score monitoring for their credit card customers. Depending on the bank, the information they offer will vary. But, generally, they will tell you if your credit score has moved up or down and provide some insight as to why it changed.

Talking About Credit Cards and Banks, most banks offer notification options, so you can be kept informed regarding any activity. Some banks will allow you to set an alert so that you can be notified if there is any credit card charge activity, even as small as a few cents. This may seem a little extreme but some fraudsters will run extremely small charges to test if credit card numbers are still valid while maintaining a low profile.

If you have not already, you should take other steps to secure your credit card and online banking accounts. Specifically, you should seek out if your online banking websites offer two factor authentication. If they offer two factor authentication, also known as 2FA, I strongly recommend you implement it. This advice extends beyond just online banking. You should implement 2FA for any of your online services that offer it: banks, brokerage accounts, telephone company, gas/water/electric utilities, email, Google, Facebook, etc. What if your bank does not offer two factor authentication? You may want to consider changing banks. You can find a list of banks, as well as other business and services, which support 2FA at https://twofactorauth.org.

Two factor authentication is based on two pieces of information rather than just a password. These factors can be various combinations of things like something you know (e.g., passwords or PINs), something you have (e.g., ATM card, smartphone), or something you are (e.g., fingerprint, voice print, or facial recognition). For greater security, we sometimes use more than 2 factors. This is referred to as Multi-factor authentication, or MFA. This is an area that is always changing in an effort to try to create more secure but also easier for you to use. Currently, the most common 2FA implementations you will find include sending you a security code by text message (SMS), by telephone call, or by email. Be careful if you are access any of your online sites from a smartphone and you have the security code sent to the same smartphone. If your smartphone gets lost or stolen, you may find yourself or your accounts a little vulnerable.

Many online websites also take advantage of security questions (e.g., In what town was your elementary school?, where did you meet your spouse?, etc.). I strongly advise you to lie when you answer these questions. Use answers that are totally irrelevant (e.g., What is your favorite color? Answer: “Outer Mongolia”) and meaningless to you or somebody else. Nobody says you have to tell the truth. All you have to do is remember your answers. And do not use the same questions or answers among different websites.

Let’s Pass on Passwords: Probably as far back as you can remember, you’ve been saddled with the task of creating and remembering passwords to access all sorts of information. Some of you used easily-remembered personal details like your anniversary date, your spouse’s name, your pet’s name, your mother’s maiden name, etc. Some of you may have just used easily remembered words such as your favorite food or flower. Some of you still use “password12345” or “qwerty” as your password. Even worse, many of you use the same password for many of your online login passwords.

There are serious security risks associated with these practices: If you use personal information as a password, a threat actor can figure out that password just by researching your personally identifiable information. Common words as passwords are also easily determined by threat actors by use of tools called password crackers, which use large dictionaries.

You are better protected by using complicated collections of letters, numbers and symbols, such as ‚ÄúP^MP2F7~HRnZ)LU‚Äù. You can also better protect yourself by using passphrases instead of passwords, complete with spaces when allowed. Additionally, replace some letters with numbers and symbols. You can go with lyrics to a song, poetry lines, etc. As an example, consider the lyrics of Over the Rainbow: Start with ‚ÄúSomewhere over the rainbow Way up high.‚Äù Replacing letters with numbers and/or symbols, this can become ‚Äú[email protected]!nb0w#wAyupHi!‚Äù. Or you can take just the initial characters of each word and put those together and similarly swap out some letters. This can become: ‚Äú50TrWuH!‚Äù Just use your imagination: the more complicated it is, the safer you are.

Remember not to use the same password or passphrase with more than one account. And change your passwords regularly. Also, if you get notified or read that any service that you use has been breached or compromised in any way, immediately change that password/passphrase.

Also, it is very important to remember to change the default passwords on any software service to which you subscribe or any hardware that you purchase. This is especially true for any internet routers, switches, wireless cameras, televisions, appliances, etc. The FBI and other agencies have released alerts warning about the threat actors from foreign countries that are trying to penetrate these devices.

You Expect Me To Remember This?: You have no decided to follow all of my advice about passwords. Remembering all of these passwords may prove to be more than challenging. Fortunately, there are some very good password managers available to you. Some are available for free, some you have to pay for. Two of the better password managers are Dashlane and LastPass.

Reign In Your Privacy: Now that we’ve covered the basics, let’s turn attention to keeping your information more private and less at risk. You should review and adjust some of your web browser settings. Additionally, you should review and adjust your privacy settings on your social media sites and other online accounts.

Check your web browser settings for privacy and security settings. There, you will find a number of options that would be useful to you. With Chrome, for example, you will find settings like “Protect you and your device from dangerous sites” and “Send a ‘Do Not Track’ request…”. I recommend enabling both of them. You will also find settings like “Automatically send usage statistics…” I recommend that you seriously consider whether or not you want to share this private information with Google.

You will also find a section to enable or disable the capability to Autofill information when you need to fill out online forms. I strongly recommend that you disable this functionality. Among the many reasons is the possibility that a threat actor can setup a web page to secretly retrieve all the fields of information that you have stored in the autofill feature. You should also NEVER store credit card information in a web browser’s autofill feature.

With your online accounts like Google and Facebook, you will see features like privacy checkup and security checkup. You should perform these checkups and appropriately limit which features are enabled and what information you are allowing to be tracked. In the case of Google, as an example, this may include actual recording of your voice. You can – and should – purge any of this tracking information that you do not wish to be shared and/or stored. Also check your social media settings such that you only share information and files as you desire.

Time To Be Diligent: Now that you have addressed many of your hardware, software, and account settings tasks, you now come to the never-ending task: Be Diligent! The greatest risk to you is social engineering. Threat actors are always trying to take advantage of you by getting you to lower your guard, cause you to panic, take advantage of your trusting nature, etc. All it takes is one click on a link or opening one attachment to cause all kinds of problems for yourself and possibly others. These social engineering attempts, also known as phishing, can appear as very legitimate-looking emails or websites. It might appear as a PDF attachment in an email, or a Docusign email, a link to a dropbox document, an alleged invoice, or a multitude of others.

The rule is a simple one: if you are sent an attachment or an email telling you to click on a link and you do not recognize the source, do NOT open it nor click on the link. If you recognize the sender of the email but you are not expecting the attachment, call the sender by telephone and ask him/her if he/she really sent you the attachment or link. Do NOT just reply to the email and ask if it is legitimate because you may not be sending the email to the individual that you think you are sending it to.

There are a many websites that you can visit to learn more about phishing or where you can take phishing quizzes. A good starting point is www.phishing.org.

Don’t Be Proud or Shy: Some phishing attacks are so realistic and so well done that trained professionals can sometimes be fooled. So do not be embarrassed if you are not sure what to do or you are afraid your device or your information may have been compromised. As someone you trust for help. Or file complaint with agencies like The Internet Crime Complaint Center (www.ic3.gov) or the Federal Trade Commission (www.ftc.gov). If you really don’t know where to turn, you can always reach out to your local police department for assistance. If they cannot help you, they can help steer you to appropriate individuals for help.

 

©2018 by The LBC Group, Inc. All rights reserved