Tuesday, September 19, 2017

Equi-Fail!

   Or maybe we should say Equi-Fiasco!

   By now you've certainly heard about the Equifax breach including leaked social security numbers and other personal information on over 143 million people.  And there's plenty more info to come with this one as the facts continue to get uncovered.

   I certainly don't mean to be jumping on the bandwagon here.  There has already been so much coverage of this breach, but it is a big deal.  And, while I've seen a number of articles on what to do now, I haven't seen any that really cover everything you must do to protect yourself.

   Let's do that now!

   The bottom line is this... it's 2017... no one can or will protect your personal information.  You must take appropriate steps to protect yourself.  And here they are... in no particular order... the top-10 things you should do to protect your personal and financial information:

Tuesday, September 5, 2017

I Have Neither Read Nor Understood

   The site masthead starts out with the statement: “I have read and agree to the Terms” is the biggest lie on the web. We aim to fix that.

   This is the lead statement on the tosdr.org website.  tosdr is an acronym for "Terms of Service; Didn't Read".  It's a play on words (play on acronyms? :-)) of tl;dr, Too Long; Didn't Read.  tl;dr has been a term floating around the interwebs for many years.  It simply expresses a sentiment that many people can relate to... that we're busy, so when there is a long article, post, whitepaper, document, documentation, etc., we might just not read it.  That also leads to the idea of the tl;dr version, i.e. executive summary!

   Clearly, Terms of Service statements fit into this category.  They tend to be exceedingly long.  They are often written FLBL (For Lawyers, By Lawyers)! :-)  You see them all over the place... on your bank's website, on social media sites, when you sign up for just about any kind of service, and with just about every app you install.

   So, if no one reads them, what's the problem?  Like a contract, the Terms of Service or EULA (End User License Agreement) provides some very important information.  For example, it may cover:
  • how the app, website or company can use your personal data;
  • if the site can sell your data;
  • whether or not you own any content you upload (such as to a social media site);
  • how, when, how much you can use the app, service or website;
  • if the site can charge you money, either one time or ongoing;
  • if you have any rights to seek damages against the company if you don't like how they conduct business;
  • and more...

Tuesday, August 22, 2017

Don't Blame The IRS

  In a post last month, I included a recording of an obviously fake voice message warning about payment and fines due to the IRS.  If you've read my blog in the past, I talk a lot about scams and give tips to avoid them.  We've often discussed that legitimate organizations should not just contact you and ask for personal information.

   That just makes sense.

   But telling the difference between a legitimate call and a scam call has gotten harder.

   A reader let me know that the IRS is now using collection agencies to collect back taxes!  That just makes it even tougher to tell the difference between a legit collection call and a scam!

Tuesday, August 8, 2017

You Gotta Be You

   I just received an update from the Social Security Administration.  Yes, it was real! :-)  It was a reminder to log in to the SSA website to check my information online.  That also made me think about advice I've written about in the past... it's critical that you connect and establish your presence on critical government websites before someone else can create an account in your name.

   Here's a rewind of a 2016 post with all the information...



   I recently received a letter from the SSA (Social Security Administration).  It provided instructions for me to finish setting up my online account.  As I've written in the past, you can, and need to, create personal accounts on the SSA and IRS websites.  The key issue is that you need to reserve and establish your identity on these critical government websites before someone else does it for you!  ID Fraud is still a big issue.

   These accounts are straightforward to set up.  One thing you will need to do is go through an Identity Proofing process.  That process asks you for some personal information that, in theory, only you should know.  I list info about the irs.gov account creation process in this post.

   Here is some info from the ssa.gov website:
You can create a my Social Security account if you’re age 18 or older, have a Social Security number, a valid email, a U.S. mailing address, and a cell phone that can receive text messages. You’ll need to provide some personal information to confirm your identity; you’ll be asked to choose a username and password; and then provide your cell phone number. You’ll then receive a security code via text that you will be required to enter when you first create an account. We’ll send your cell phone a new security code each time you log in with your username and password. The security code is part of our enhanced security feature to protect your personal information. Keep in mind that your cell phone provider's text message and data rates may apply.
   Now SSA has increased their security by offering two-factor authentication (2FA) on their site.  We've written about 2FA a number of times in the past.  SSA had said this was coming and now it's available.

   I highly recommend that you create accounts on these sites and use 2FA where available.  Here are the instructions for SSA.  Here for the IRS.  You can enable 2-factor authentication on the SSA site when you create your account.  Here's a link to a previous post looking at other sites where 2FA is available.  Double up wherever you can!

Tuesday, July 25, 2017

The Matter at the Hand

   Check this out!...



   Here's a transcript:

   Calling from Criminal Investigation Division of I-R-S.  The matter at the hand is extremely time sensitive and urgent, as after all that, we found that, there was a fraud and misconduct on your tax which you are hiding from the federal government. This need to be rectified immediately so do return the call as soon as you receive the message. The toll free number is 1-8-6-6-9-7-8-6-6-1-8. I repeat again, 1-8-6-6-9-7-8-6-6-1-8. Thank you.

   Needless to say, this is a scam.  You can look at all of these reports on phone number lookup sites.

   Now, you may think that this obviously sounds like a scam.  However, it unfortunately works.

   So what should you do if you or someone you know receives one of these calls?

  1. Don't respond.  Just leave that alone.
  2. Report it.  Here is the FTC info page on reporting scams, spams, do not call or telemarketing violations and other issues.  Here is the complaint reporting page.
   I did file a report with the FTC.  It doesn't take long and it's the right thing to do.

   While these calls can be either annoying or entertaining, the bottom line is that they work and some people do fall for these scams.  So educate yourself and others.

   Do you have any interesting robo-call or scam stories to share?

Tuesday, July 4, 2017

All Your Bitcoin Are Belong To Us

   If you're old enough... and geeky enough, you may remember this:


   All Your Base Are Belong To Us was one of the famous early internet memes.  You can take a break and read more about it here and here.

   Memes are fun!  But ransomware isn't.  We've talked about ransomware many times in the past.  It's a kind of virus or malware (malicious software).  It's been in the news quite a bit and the healthcare industry has had particular ransomware problems.  And the news will continue after May's "WannaCry" and June's Petya/GoldenEye global attacks.

   Basically, in a ransomware attack, infected computers cause data to be encrypted.  Normally encryption is a good thing, but only when you can also decrypt your data.  In this attack, only the attacker can restore your access to the information, and will do so for a "small consulting fee".

   Payment is typically made using Bitcoin.  Bitcoin has also been in the news.  It is what is called a "crypto-currency".  It's basically an online way to pay for things, kind of like an online debit card where you already have the funds in your account.  The main reason Bitcoin is used for ransomware is that it is fairly anonymous, particularly when compared with traditional credit cards or banking.  It's not completely anonymous - it does protect identity during transactions, but eventually someone may have to turn that bitcoin into other traditional currency.

   With all the ransomware attacks, some organizations are getting bitcoins so that they are ready in case they need to pay ransom!

Tuesday, June 20, 2017

Payday!

   I received this great news in email today.  For some reason gmail marked it as spam!  But it looks great to me! :-)