Phishing attacks are always evolving and trying to force us into ignoring our own good sense. A common attack is the infamous technical support scam. Historically, this involved a phone call from someone claiming you need help with your computer, an email message that directed users to fake sites where malware was installed, or a fake tech support popup message requesting payment card numbers. While those are still common, Microsoft researchers have discovered a new play on this scam.
According to the Identity Theft Assistance Center, one in 40 (2.5%) households in the U.S. have a child under 18 who have had personal information compromised by identity theft criminals. Unfortunately, much of the identity theft from children doesn't get discovered until after they are 18 and try to get a loan for school or to buy a home.
Children in lower income households and foster children are disproportionately susceptible to child identity theft. Those victims sometimes have their information used for such things as getting employment or having utilities set up, indicating that a significant number of these are committed by family members or friends of the child. This is referred to as "friendly fraud" and accounts for 27% of the cases.
Here are some tips to help protect the sought after information of children, particularly the social security number and birth date:
- As you check your own credit report annually, check children's as well with the same detail as your own and work with the reporting agencies to correct information as needed.
- Regularly review any financial account statements for children and address discrepancies immediately.
- Shred all documents with personally identifiable information of children before tossing them. Use a criss-cross shredder at a minimum. These can be purchased online or at any office supply store and are only marginally more expensive than the basic shredders and well worth it.
- Do not carry any social security cards with you, including those of your children. Keep them locked away in a cabinet at home. While you're at it, put the birth certificates in that locked file as well.
- If you allow your children to create online accounts, do not let them include their birth date on the forms if possible, but always leave off the date if it's required. Read the privacy policies of any site that will have access to your children's information thoroughly. If it's too invasive, don't allow access.
- Whenever filling out forms and asked if a child's information can be shared, opt out, even in school directories. These are often posted online and available to the public.
- Ask questions of the requestor when providing information about your child. Ask what the information will be used for, if there is some other way to identify your child other than date of birth and social security number, and verify how they protect any information once it is provided to them, including how they discard documents.
- Place a credit fraud alert on your child's credit report with the three major credit reporting agencies; Experian, TransUnion, and Equifax. Re-place that alert each time it expires. There are companies who do this for you, if that is preferred.
Maryland allows parents to freeze credit of their children until they are of legal age and soon it is expected other states will follow. Some states are looking into legislation allowing parents to enter a child's information into a database for high risk candidates.
If your child's identity is compromised, document everything including names of people you talk to, dates of conversations, and any contact information for them. Continue doing this for the duration of time it takes to fix the credit or resolve the identity theft issue. Be sure to file a police report with your local law enforcement agency. Also, do the same with the Federal Trade Commission (FTC). Instructions for filing there are on its website.
Teach your children how to protect their identity, especially online. Kids are able to have access to the internet from the time they can hold a smart phone, so start early with discussions on protecting themselves and the risks.
Scams that encourage victims to willingly give out their account numbers and personal information are nothing new. The techniques of the scams, however, do change as people become more aware of current scam trends, which cause scammers to find new ways to prey on their victims. It is important to stay on top of these trends to avoid falling victim.
Cyber criminals will use whatever they can think of to try to get your online banking credentials or other information they can sell on the dark web. Here are five ways they use social media to do it and how you can avoid giving up your information, in no particular order.
Summer has arrived all around the northern hemisphere. Many of us prefer to jump up and head outside to enjoy the spoils of the season and that is certainly fantastic. However, scammers don’t honor the seasons. They will try to trick us with their own version of phishing all year round. As we go into relaxation mode, it’s still important to keep an eye out for attempted scams and particularly for the phishing that doesn’t involve a pole, a boat, or water.
Phishing is still the most common way, by far, that information is stolen and .malware makes its way onto computers and mobile devices. It’s worth taking a moment to review the signs that an email message or phone call may be phishing for you
- A reward is offered, such as a gift card or some other freebie.
- There is a sense of urgency, such as an account will be blocked or a punishment will occur if you don’t do something.
- An attachment or link is included in an email that is unexpected or from an unfamiliar sender.
- There is a request to open a file, click a link, or share something. If a form follows a click that asks for information to be entered or login credentials to be entered, it should be considered suspect.
- The greeting and message are generic. If it doesn’t have any indication that the sender knows something personally about you, it could be a scam.
- The sender’s email address is strange or unfamiliar. If you open it up by clicking it, you can see the entire address; not just the name.
- If a link inside goes to a web address that seems strange or unexpected. If you hover the mouse pointer over those links, you can see where it will take you.
- A site asks for sensitive information, regardless of how you arrived at it, and the address isn’t preceded by “https:”
- The caller on the phone starts asking for sensitive information such as passwords, login credentials, or payment card information.
- A caller tries to scare you into providing or doing something.
Even if none of these indicators are present, it’s not a guarantee that the message is phishing. However, the risk is significantly lower.
It’s unlikely anyone will give up the Internet for the summer, nor is it expected. So just be sure to stay on your game for spotting phishing, so you don’t take the bait.