How does this scam translate to mobile phones?  A consumer might, for example get a text message offering a subscription to get horoscopes or quizzes on his mobile phone.  The way the text message is written — purposively so — makes it sound as if the service is free.  What happens next is the complete opposite of free.  The consumer starts getting unauthorized, repeating charges on his mobile phone bill.  Alternatively, the consumer hasn’t responded “yes” to a text message offering a service but with the same result to his mobile phone bill.

The Federal Trade Commission (FTC) successfully brought “cramming” cases against landline scammers.  Now the FTC is moving against mobile phone bill scammers and 3 weeks ago filed its first mobile phone bill “cramming” case.  The case was filed against Wise Media, LLC, Brian M. Buckley, Winston J. Deloney and Concrete Marketing Research, LLC (the latter is alleged to have gotten ill-gotten money from the Wise Media operation).

The FTC alleges that Wise Media, Buckley and Deloney billed consumers for “premium services” that sent them text messages with horoscopes, flirting, love tips and other similar information.  In the complaint, the FTC alleges that consumers were signed up for these services seemingly randomly and were repeatedly billed $9.99 a month on their mobile phone bills without the consumers’ knowledge or consent.

The FTC complaint also states that some consumers got text messages from Wise Media indicating that the consumer had subscribed to one of the services.  That email was ignored by many consumers who thought it was spam.  But the FTC’s complaint notes that even those consumers who sent back a text message refusing the service were still charged for the service on a repeating basis on their mobile phone bills.

The FTC has asked a court for a permanent injunction to shut down Wise Media and force the defendants to return all of the money they got from their alleged “cramming” scam.  If successful, the FTC would use the funds to reimburse the scam victims.

The FTC held a May 8th “Mobile Cramming” Roundtable May 8th.  I was able to attend for the first panel where experts discussed the topic “Understanding Third-Party Billing and Mobile Cramming”.   On Monday, May 13th I’ll write about the information and insights from that panel — including their top tips for fighting back against mobile phone “cramming.”

____________________

Ms. Diener is now an independent consultant on privacy, identity management, information protection and risk management. She served in senior managerial, legal, policy and legislative positions in all three branches of the Federal government. In addition to her privacy expertise, Ms. Diener played a lead role on such important domestic and international issues as criminal justice/law enforcement and financial services. She speaks frequently at industry and governmental conferences and meetings.

If you have an all-encompassing identity theft protection service, your provider can take care of much of the restoration.

The first call you make should be to the police, to report the crime. According to the FTC, “A police report that provides specific details of the identity theft is considered an Identity Theft Report, which entitles you to certain legal rights when it is provided to the three major credit reporting agencies or to companies where the thief misused your information. An Identity Theft Report can be used to permanently block fraudulent information that results from identity theft, such as accounts or addresses, from appearing on your credit report. It will also make sure these debts do not reappear on your credit reports. Identity Theft Reports can prevent a company from continuing to collect debts that result from identity theft, or selling them to others for collection. An Identity Theft Report is also needed to place an extended fraud alert on your credit report.”^[1]

When filing an identity theft report, you will first want to fill out an ID Theft Complaint (http://www.idtheft.gov/probono/docs/i.%20Table%20of%20Contents.pdf with the FTC, which you should bring with you to the police station.

The key to restoring a stolen identity is to exercise patience. Recognize this is not the end of the world, it’s an inconvenience and can be fixed with time and persistence.

__________________

Robert Siciliano, is a personal security expert contributor to Just Ask Gemalto and author of 99 Things You Wish You Knew Before Your Mobile was Hacked! . Disclosures

The state court computers for Washington have been hacked. The incident started sometime after September of last year and was discovered in February of this year. And the hackers managed to gain access to a computer that stored 160,000 Social Security numbers and more than 1 million driver’s licenses. So far, 94 people have been told that their individual information was compromised in the hacking incident.

State officials currently believe that the 94 people notified were the only ones that had their data stolen. But they really aren’t sure. Their information was apparently in a separate file from the one containing the 160,000 SSNs. But the larger file was there for the taking and doesn’t appear to have been encrypted.

If the other file was stolen, whoever uses the SSNs it contained may be in for a big surprise. That file contains identifying information for people booked into a city or county jail between September 2011 and December 2012. Oops!

A third file contained information from over 1 million driver’s licenses. Anyone using that information could find themselves facing another issue. A large number of those licenses belonged to people who had been arrested for a DUI between 1989 and 2011 or who resolved a criminal matter in 2011 or 2012. But it also contained information on people who resolved minor traffic infractions in 2011 and 2012.

The breach was apparently preventable. The state needed to install a software security patch on its computer system, but they had failed to do so. The state also admits that files with personally identifiable information in them should not have been stored the way that they were. They have changed their procedures for storing data and updated their software since the breach.

Anyone falling into any of the described groups above should check their credit report for errors and may want to have a fraud alert placed on their file. The State of Washington has setup a website with more information about the breach which can be found at http://www.courts.wa.gov/databreach. They have also setup a telephone hotline which can be reached at 1-800-448-5584.

____________________

Jim Malmberg, ACCESS, American Consumer Credit Education Support Services, is a non-profit, tax exempt 501(c)(3) consumer advocacy group whose primary purpose is to disseminate credit education information and assistance to the general public, visit www.GuardMyCreditFile.org

Individuals are the only ones with the detailed knowledge of their medical care or financial expenditures who can raise the alarm when they do fall victim, it is essential for consumers to learn the true impact of these crimes and how to protect themselves as best they can and raise the alarm when it is needed.

In addition, system practices continue to make personally identifiable information (PII) available in ways advantageous to criminals. For example:

• Social Security Numbers are used on Medicare insurance cards.
• HIPAA rules intended to protect patient privacy also prevent victims from gaining access to their records to correct them.
• Healthcare providers have been implicated in the vast majority of crimes and may choose not to help the victims at all.[2]
• 94% of US healthcare organizations studied have had critical PII data breaches and 45% of these organizations showed five or more breaches during the study period.[3]
• Three out of five providers studied, including major hospitals and healthcare providers, do not have the policies and procedures in place to safeguard health records.[4]
• More than six in ten healthcare organizations studied say they do not have enough resources to ensure data security.[5]

We know that medical identity theft and fraud cost the healthcare industry $41 billion in 2012 and cost taxpayers and consumers in higher premiums and healthcare costs and has life-altering consequences for patients and their families, so the attitude that resources cannot be dedicated to data security indicates a lack of understanding regarding the true value of the PII.

In financial identity theft, the financial institution may make the individual financially whole again – not so for medical identity theft victims.  We are seeing some success in which insurance companies are some of the most proactive players, as are federal government investigation units and law enforcement. And Medicare has assisted patients by simplifying EOBs and providing some consumer education. The public/private consortium, the Medical Identity Fraud Alliance, is leading the current opportunity to include all ecosystem stakeholders in developing cost effective technologies, policies, and best practices that we need to lessen patient exposure to fraud and theft.

How the Scam Works:   

You see a Facebook page or stumble on to a website promoting an upcoming casting call. The show’s producers are looking for contestants/actors for a brand new TV show. You think this is your big chance!

You email your photos and resume to the email address on the website. The “producer” responds right away. He/she invites you to complete an online application and/or attend an audition… for a fee.

Here’s the catch. The show may not exist and your audition tapes will go nowhere. At best, you are out a small amount of cash. At worst, you gave personal information to scammer, who can use that to open bank accounts and credit cards in your name.

Some producers may have stars in their own eyes, but no contract or money to actually put a show on the air or on the big screen. Others may be out-and-out scam artists. There are many variations: they frequently pose as reality shows, but they also use game shows, scripted shows and movies. Sometimes they claim to be launching a brand new show and are looking for an initial cast. Other times, scammers offer fake auditions for existing shows or movies. They charge a premium, but the directors will never see your audition.

Scammers also frequently use legitimate sources to shore up their scam. They find details online about a show to make their casting calls sound real. Sometimes, they just steal old casting notices and edit the dates.

How to Spot a Scam:

Keep an eye out for the following warning signs. Some quick research will help you figure out a real opportunity from a scam.

• The business/manager asks for money: As the spokesperson for NBC put it: ”Red flag, guys. It’s not a real casting call. We’re paid to find you!” Also, don’t trust a “manager” who charges you an upfront fee. They should only be paid commission based on a percentage of the work they book you.
• Don’t trust a casting call’s claims that it is associated with a network or trusted organization: It’s easy for a scammer to assert they are affiliated with a network, production company or even BBB. Be sure to check BBB.org to see if the business really has the rating/accreditation they claim.
• Check out the production company’s website and staff: Brand new shows might not have a website yet, but be sure to visit the production company’s website to see if the show is mentioned. Also, do a search for the producers to make sure they are experienced professionals.
• Search for the name of the casting website: If it’s a scam, chances are there’s a warning about it online. Do a quick search and read comments from other aspiring actors.

For More Information

To find out more about scams, check out BBB Scam Stopper.

_______________

The BBB is dedicated to fostering honest and responsive relationships between businesses and consumers in the U.S. and Canada, instilling consumer confidence and contributing to a trustworthy marketplace for all.

What savvy business travelers aren’t savvy about is security—or, specifically, the lack thereof in airplane WiFi. When logging onto an airplane WiFi, there isn’t any encryption preventing other users from seeing your data. The majority of the security in airplane WiFi is built into the payment system to protect your credit card. Beyond that, you’re pretty much left to the dogs.

Another issue flyers face when booting up is that their WiFi card generally defaults to seeking out a known WiFi connection and then automatically connects, like when you are home and you automatically connect upon booting upbecause at one point in your settings you checked that option. But on a plane (or anywhere, really), an evil hacker can set up what’s called an “evil twin,” which is a rogue wireless network specifically set up by a bad guy to trick you into manually connecting or to trick your device into automatically connecting. Once you’re hooked, all of your information travels through his device and he captures every packet of wireless data.

Protect yourself.

#1 When WiFi is not in use, head over to your wireless network manager and right-click to disable your wireless network connection. Some laptops have a switch and others have a keyboard key.

#2 If you plan to connect to in-flight service, you need to protect your information with a VPN. Hotspot Shield VPN is afree proxy that protects your device’s data by ensuring that all web transactions (shopping, filling out forms, downloads, etc.) are secured through HTTPS. With Hotspot Shield, your device basically will be surfing through a protected tunnel throughout the in-flight service.

_________________

Robert Siciliano is an Identity Theft Expert to Hotspot Shield VPN. He is the author of 99 Things You Wish You Knew Before Your Identity Was Stolen See him discussing internet and wireless security on Good Morning America.Disclosures.

How the Scam Works:   

You get a letter in the mail that appears to comes from a government agency. It’s really a private business, and it promises to get your property taxes reduced by disputing your tax assessment. For this, the business charges from $30 to hundreds of dollars. A typical letter reads:

“The XYZ County tax authorities may have made an error when they recently assessed your property. The mistake means you may be over taxed by 2,000… For 10 minutes and a one-time fee of less than $100, it’s well worth the potential savings of $2,000.”

As always, several variations of the scam exist. Sometimes, scammers simply pocket the fee. Other times, it’s more a case of misleading advertising. The businesses file the paperwork on your behalf and/or provide you with a government report. However, in most cases, the business is simply doing something homeowners can do themselves for free.

Finally, some scammers use filing a property tax assessment dispute as an pretense to collect personal information for use in identity theft.

Ways to Spot a Property Assessment Scam: 

Reputable businesses are available to help you dispute your tax assessment, but watch out for the following warning signs. It may be a scam if the business:

• Poses as a government agency
• Requires an upfront fee instead of billing you after the service is rendered.
• Guarantees it can lower your property assessment and/or taxes. You can file a dispute, but the local government needs to approve it.
• Requests a certified copy of your property deed and charges you more than a few dollars for it. Learn more about this scam here.
• Asks for your Social Security number or other personal information.

_________________

The BBB is dedicated to fostering honest and responsive relationships between businesses and consumers in the U.S. and Canada, instilling consumer confidence and contributing to a trustworthy marketplace for all.

This is only the latest of many recent hacks. With customer data breaches becoming increasingly common, what should you do to protect yourself? Start with our tips below:

Protecting Yourself from Hacking:   

The best way to safeguard your personal information is by creating strong passwords (see Microsoft’s tips here) and using a unique password for each website.

What to Do After a Hack:

It happens. Even the most conscientious businesses get hacked. If a company with which you’ve done business suffered a security breach, follow the tips below to protect yourself.

• Change your password on the affected website — and anywhere else you use it. Many web users have a rotation of passwords they use, so be sure to change yours on all appropriate websites.
• Be extra suspicious of any emails coming from the business that was hacked — especially ones containing links or attachments. Scammers often use the personal information they’ve obtained along with the hacked business’ name to trick customers into sharing credit card or banking info.
• However, affected business do often communicate with customers after the hack. Be sure these emails are real by hovering over the links in the message. When you do this, the link destination should appear in a pop up box or in the lower left hand corner of your browser.
• Keep a close eye on your credit card and bank accounts. If hackers have access to your personal data, identity theft is a risk. Call your bank or credit card company immediately if you see any unexpected activity.

For More Information

To find out more about scams, check out BBB Scam Stopper.

_________________

The BBB is dedicated to fostering honest and responsive relationships between businesses and consumers in the U.S. and Canada, instilling consumer confidence and contributing to a trustworthy marketplace for all.

The FBI is aware of a spam e-mail with the subject line “Boston Marathon Explosion” and similarly themed messages being circulated to lure potential victims to malicious software and exploits. Spam e-mails and Web sites to which they are linked use a wide variety of deceptions to trick a user into taking actions that put the user’s computer at risk for infection. Common techniques include links to compromised Web sites and pop-up messages prompting users to download software to view pictures, videos or other files.

Social media is another avenue criminals use to solicit donations. The FBI is aware that an account on a popular social media service using the Boston Marathon name and official logo was created soon after the explosions. Communications from the account represented that $1 would be donated to the Boston Marathon victims for every communication other users sent to the account. Though the account was suspended by the social media service, others may use similar methods to commit fraud.

The FBI is also aware of numerous questionable domains registered within hours of the Boston Marathon explosions. Though the intentions of the registrants are unknown, domains have emerged following other disasters for fraudulent purposes.

Individuals should always exercise reasonable caution and vigilance when using e-mail and social networking Web sites. Based on experiences from previous times of tragedy, it is reasonable to believe that criminals will continue to exploit such events to solicit fraudulent donations, to obtain victims’ personally identifiable information (PII), and to further other illegal activities.

Individuals can limit exposure to cyber criminals by taking the following preventative actions when using email and social networking Web sites:

• Do not agree to download software to view content. Messages may contain pictures, videos, and other attachments designed to infect your computer with malware.
• Do not follow a link you receive via e-mail to go to a website. Links appearing as legitimate sites (example: fbi.gov), could be hyperlinked to direct victims to another website when clicked. These sites may be designed to infect your computer with malware or solicit personal information.
• Verify the existence and legitimacy of organizations by conducting research and visiting official websites. Be skeptical of charity names similar to but not exactly the same as reputable charities.
• Do not allow others to make donations on your behalf. Donation-themed messages may also contain links to websites designed to solicit personal information, which can be routed to a cyber criminal.
• Make donations securely by using a debit/credit card or write a check made out to the specific charity. Be wary of making donations via money transfer services; legitimate charities do not normally solicit donations using this method of payment.

If you believe you have been the victim of fraud by someone soliciting funds on behalf of disaster victims or want to report suspicious e-mail solicitations or fraudulent Web sites, please file a complaint with the FBI’s Internet Crime Complaint Center, http://www.ic3.gov/

____________________

The IC3 was established as a partnership between the Federal Bureau of Investigation (FBI) and the National White Collar Crime Center (NW3C) to serve as a means to receive Internet related criminal complaints and to further research, develop, and refer the criminal complaints to federal, state, local or international law enforcement and/or regulatory agencies for any investigation they deem to be appropriate.

According to the DBIR, nobody is immune to data breaches. Here are some of the report’s findings:

• 86% of data breaches that involve hacking don’t involve employees of the company or organization being hacked,
• 78% of hacking data breaches were unsophisticated; involving low, or very low skill levels,
• 62% of data breaches took months to discover. 4% of data breaches took years to discover,
• 22% of data breaches were not contained for months after their initial discovery,
• 37% of data breaches occurred in financial services organizations with ATMs being the most vulnerable point of attack,
• 24% of data breaches occurred in retail stores and restaurants.

While it is probably not surprising to anyone that 75% of intentional data breaches were financially motivated, you may be surprised to learn that 19% of intentional data breaches were as a result of espionage by foreign government agencies. 52% of the data breaches in this category involved hacking or malware.

With regard to unintentional data breaches caused by employees or contractors in organizations, 41% were caused by the use of unauthorized equipment such as unsecured smart phones or USB drives. Lost or stolen laptop and desktop computers were also significant contributors to data breaches in this category.

The report clearly shows that organizations that store significant amounts of personal data on their customers and employees need to do a better job of securing their data. You can find the entire report here. There is also a shorter, executive summary available.

________________

Jim Malmberg, ACCESS, American Consumer Credit Education Support Services, is a non-profit, tax exempt 501(c)(3) consumer advocacy group whose primary purpose is to disseminate credit education information and assistance to the general public, visit www.GuardMyCreditFile.org