Educated Employees are the First Line of Defense in the Fight Against Data Hacking

by Barbara Parrott McGinity, LMSW
BBB Education Foundation

Data Breach! System has been hacked! Personal information stolen! From the IRS to Chase Bank to Blue Cross Blue Shield, we are reading about security systems being infiltrated by criminal hackers every day. How can this happen? Hackers seek out weaknesses in your computer system and one of those weaknesses can be untrained personnel who mistakenly click on the wrong email.

Here is one recent email from my inbox:
Today, 3rd June, 2015. We are upgrading our email system in order for our email server to be compatible with the newer versions of software 2015 spam filter. This service creates more space and easy access to email. Please update your account by clicking on the link below. Click for Activation
CLICK HERE<http://owaadminportal.jimdo.com/&gt; And follow the instructions on the pop-up page for upgrade
Failure for any user to do this will render his/her account inactive.
Thank you,
IT Support Desk

Another example:
Hi my name is Annabella
my resume is pdf file
I am looking forward to hearing from you
Yours faithfully
Annabella

Both of these emails demonstrate how systems are breached, they require the recipient to get more information through the click of their mouse, one has a link and the other has an attachment.

Every day, we receive numerous unsolicited emails at both work and home. Some of it from sources you have done business with or ordered products from, while others come from unknown sources. Often you give that information away by putting information into pop-up windows, handing out business cards, or responding to unsolicited emails.

A couple of weeks ago I received a very simple, seemingly innocent email:
Hi Barbara:
For us newbees can you give me the crossroads for the location of the garden sale.
Thanks.
Jan LeCates
Your first instinct might be to reply, “What garden sale?” And that is what the sender was hoping for, because this type of email is looking to confirm good email addresses which then get sold to people sending the spam. For me it was easy to hit the delete button because I knew I was not going to a garden sale and I do not know Jan LeCrates. But what would your employee do?

The National Cyber Security Alliance has a website, http://www.staysafeonline.org, that provides information for businesses on cyber security. This includes accessing your risks, protecting customers, and education tips for employees. Here is what you need to pass onto your employees:

  • Keep a clean machine: Your company should have clear rules for what employees can install and keep on their work computers. Make sure they understand and abide by these rules. Unknown outside programs can open security vulnerabilities in your network.
  • Follow good password practices: Making passwords long and strong, with a mix of uppercase and lowercase letters, numbers and symbols, along with changing them routinely and keeping them private are the easiest and most effective steps your employees can take to protect your data.
  • When in doubt, throw it out: Employees should know not to open suspicious links in email, tweets, posts, online ads, messages or attachments – even if they know the source. Employees should also be instructed about your company’s spam filters and how to use them to prevent unwanted, harmful email.
  • Back up their work: Whether you set your employees’ computers to backup automatically or ask that they do it themselves, employees should be instructed on their role in protecting their work.
  • Stay watchful and speak up: Your employees should be encouraged to keep an eye out and say something if they notice strange happenings on their computer.

The hackers are getting better, more sophisticated, and more difficult to catch. Everyone needs to be vigilant, stay alert to cyber threats, and never assume things are as they appear. Protecting your business by taking the time to educate your employees is the best way to defeat these criminals.

Programs and Tools to Protect Seniors from Financial Exploitation

by Barbara Parrott McGinity, LMSW

In June, I attended an event in Washington, DC for World Elder Abuse Awareness Day. The focus was on financial exploitation, with a number of presentations and individuals addressing this growing problem. Seniors and their families lose nearly $3 billion a year to a number of different scams that can involve phony charities, people representing themselves as IRS agents demanding tax payments, sweepstakes fraud, and scammers pretending to be grandchildren asking grandparents to wire funds because they are in jail in a foreign country.

It is estimated 1 in 44 cases of money scams and financial abuse of seniors is actually ever brought to the attention of authorities. It is extremely difficult to catch these criminals because the majority are overseas. But these cases often go unreported because people are ashamed or they are being threatened by the scammer and they fear for their safety and the safety of their loved ones.

Knowledge is power when working to protect your income and assets. There are a number of resources and programs available to older adults and their family members that not only educate people about the scams, but also offer tools that can provide some protection. Consumerreports.org in a recent Scam Alert lists these resources you can check out.

1) The Federal Trade Commission’s “Pass It On,” http://www.ftc.gov, focuses on six scams that individuals should learn about and inform others about as well.

2) The Consumer Financial Protection Bureau’s Office of Financial Protection for Older Americans website has information for seniors and a link to help report complaints or concerns. The Consumer Financial Protection Bureau also offers four different guides for attorneys, government-appointed fiduciaries, guardians, and trustees, called “Managing Someone Else’s Money” which can be ordered at no cost on their website, http://www.cfpb.gov.

3) The Securities and Exchange Commission, has a number of brochures, including “A Guide for Seniors: Protect Yourself Against Investment Fraud,” and “Stopping Affinity Fraud in Your Community,” focusing on money scams that prey on members of identifiable groups such as religious organizations available from their website, http://www.sec.gov

4) The Federal Deposit Insurance Corporation and the Consumer Financial Protection Bureau sponsor a program called “Money Smart for Older Adults: Prevent Financial Exploitation,” which is an instructor-led training curriculum for older adults and their caregivers.

5) FINRA, the Financial Industry Regulatory Authority, has a dedicated helpline for seniors to assist with their questions and concerns regarding brokerage accounts and investments. It is open Monday through Friday from 8:00 am to 4:00 pm Central Time, 1-844-574-3577. Open since April, they have received over 540 calls.

The best defense is a good offense. Take the time to arm yourself with the knowledge you need to understand how financial exploitation occurs. Education is the only way we can truly put an end to this problem as the scammers are getting better and we need to be prepared. If you would to schedule a group presentation from the BBB Education Foundation staff on scams and fraudulent business practices, call me at 713-341-6184.

Change in Medicare Numbers can be Bonanza for Scammers

By Barbara Parrott McGinity, LMSW

Good news! Congress passed a bill in April 2015 to replace the Social Security numbers on Medicare cards with a randomly selected number. They have four years to set up the system for new cards, and four more years to reissue cards to current Medicare beneficiaries. Bad news! Scammers will exploit this information to confuse older adults in an effort to get them to give out their Medicare information over the phone.

The calls will likely sound like this; “Hello, this is Medicare and we have good news for you, we are changing your Medicare number and it will no longer be your Social Security number. This will make you safe from identity theft. BUT, before we make the switch, we need to verify your current information.” Big red flag that this is a scam, asking you to verify information.

Whenever you get a call or email from someone asking to verify information, especially personal information like Social Security Numbers, bank account numbers or credit card numbers, it is a scam. They may have a little information about you, but they need more to complete the picture. The information they are asking from you is the piece of the puzzle they need to complete their file on you; and they will take this information and either steal your identity or bill Medicare for items and services you do not need.

As the October Medicare open enrollment date approaches, the scammers start calling and use a number of tricks to confuse people. Barbara Parrott McGinity, Program Director for the Texas Senior Medicare Patrol (SMP) advises you to “to never give any kind of personal information to anyone who calls you on the phone, no matter how convincing they sound. Remember that Medicare and Social Security and the IRS will never call you on the phone.” Be alert to potential scams. Do not fall for calls, postcards, or emails that offer to help you get your new Medicare card.

Contact the Texas Senior Medicare Patrol (SMP) if you have any questions or if you would like to receive information about how to protect, detect and report fraud and abuse at 1-888-341-6184.

Educated Employees are the First Line of Defense in the Fight Against Data Hacking

by Barbara Parrott McGinity, LMSW
BBB Education Foundation

Data Breach! System has been hacked! Personal information stolen! From the IRS to Chase Bank to Blue Cross Blue Shield, we are reading about security systems being infiltrated by criminal hackers every day. How can this happen? Hackers seek out weaknesses in your computer system and one of those weaknesses can be untrained personnel who mistakenly click on the wrong email.

Here is one recent email from my inbox:
Today, 3rd June, 2015. We are upgrading our email system in order for our email server to be compatible with the newer versions of software 2015 spam filter. This service creates more space and easy access to email. Please update your account by clicking on the link below. Click for Activation
CLICK HERE<http://owaadminportal.jimdo.com/&gt; And follow the instructions on the pop-up page for upgrade
Failure for any user to do this will render his/her account inactive.
Thank you,
IT Support Desk

Another example:
Hi my name is Annabella
my resume is pdf file
I am looking forward to hearing from you
Yours faithfully
Annabella

Both of these emails demonstrate how systems are breached, they require the recipient to get more information through the click of their mouse, one has a link and the other has an attachment.

Every day, we receive numerous unsolicited emails at both work and home. Some of it from sources you have done business with or ordered products from, while others come from unknown sources. Often you give that information away by putting information into pop-up windows, handing out business cards, or responding to unsolicited emails.

A couple of weeks ago I received a very simple, seemingly innocent email:
Hi Barbara:
For us newbees can you give me the crossroads for the location of the garden sale.
Thanks.
Jan LeCates
Your first instinct might be to reply, “What garden sale?” And that is what the sender was hoping for, because this type of email is looking to confirm good email addresses which then get sold to people sending the spam. For me it was easy to hit the delete button because I knew I was not going to a garden sale and I do not know Jan LeCrates. But what would your employee do?

The National Cyber Security Alliance has a website, http://www.staysafeonline.org, that provides information for businesses on cyber security. This includes accessing your risks, protecting customers, and education tips for employees. Here is what you need to pass onto your employees:

• Keep a clean machine: Your company should have clear rules for what employees can install and keep on their work computers. Make sure they understand and abide by these rules. Unknown outside programs can open security vulnerabilities in your network.
• Follow good password practices: Making passwords long and strong, with a mix of uppercase and lowercase letters, numbers and symbols, along with changing them routinely and keeping them private are the easiest and most effective steps your employees can take to protect your data.
• When in doubt, throw it out: Employees should know not to open suspicious links in email, tweets, posts, online ads, messages or attachments – even if they know the source. Employees should also be instructed about your company’s spam filters and how to use them to prevent unwanted, harmful email.
• Back up their work: Whether you set your employees’ computers to backup automatically or ask that they do it themselves, employees should be instructed on their role in protecting their work.
• Stay watchful and speak up: Your employees should be encouraged to keep an eye out and say something if they notice strange happenings on their computer.
The hackers are getting better, more sophisticated, and more difficult to catch. Everyone needs to be vigilant, stay alert to cyber threats, and never assume things are as they appear. Protecting your business by taking the time to educate your employees is the best way to defeat these criminals.

The Fallacy of Free Money and Undiscovered Riches

by Barbara Parrott McGinity, LMSW

The prospect of “free” money and undiscovered riches is a fantasy held by us all. This is one of the main reasons sweepstakes scams are so successful. But there are “legitimate” companies that are designed to take a fee for work you can do for yourself at no cost. The ones we frequently hear about use a common theme, “we have found money in your name.” Now they have your attention, but how do these schemes work.
Homestead exemption for over age 65 – if you are over 65, you can apply for an additional exemption on your property taxes for up to one year to file after you turn 65. If you file late and have already paid your taxes you will receive a refund.

There are people who spend their time going through the property tax rolls looking for individuals who have failed to file this exemption. For a fee they will file the exemption for you, but you can do this yourself at no cost, keeping all of the refund instead of sharing it with someone. Not a scam, but definitely a scheme to take money from you for nothing.

Missing or found money – Every state keeps a database of unclaimed property. If an entity cannot find you or gets returned mail, they turn the unclaimed property and assets over to the state. The most common types of unclaimed property include: bank accounts, safe deposit box contents, stocks, mutual funds, bonds, dividends, uncashed checks and wages, insurance policies, certificates of deposit, trust funds, utility deposits, and escrow accounts.

The scheme works like this: They send a letter stating they have found money in your name and for a fee; they will help you get your money. The trick is, “in your name.” There might be money for an individual with your name, but that does not mean it is actually you. Just someone with the same name.

If you get one of those letters or postcards there are resources you can research on your own for no fee. If you have only lived in Texas all your life and would have no unclaimed property in another state, go to the State Comptroller’s website at http://www.cpa.state.tx.us to search the database.

If you have lived in another state, you can go to http://www.missingmoney.com to do a search. But not all states are part of this website, so you might have to search for the unclaimed property in each individual state where you have lived.

Personally, I never been the recipient of found money but I have done searches for family and friends and have found as much as $400. It is worth the time to search, but it is not worth paying others. Always be skeptical when you are suddenly the recipient of newly found riches. The reality is you are likely making someone else richer than you yourself.

Why Don’t you do More Public Awareness

by Barbara Parrott McGinity, LMSW

One of the most common questions we receive from individuals reporting a scam or revealing they are victim is “why is there not more public awareness or efforts to warn people.” Actually that is what we strive to do on a daily basis.

We collaborate with local news stations to do stories on scams. This monthly column is another outlet we use to do public education. And the BBB Education Foundation staff is available to make presentations to any group who wants a speaker on the topic of scams and fraudulent business practices.

But despite our efforts, we are never going to reach every living soul at any one time. This really needs to be a community effort if we are going to have a major impact.

What do I mean by community effort…I actually mean you. How often do you get together in social settings whether it is bowling, bridge at the senior center, lunch with the church group, garden club, or other club meetings and actually talk about some new scam you’ve learned about? Maybe it is something you read here in the Chronicle, heard on the news, or saw in a magazine. Do you talk about how it works, what you learned, how to safeguard yourself?

Taking the time to pass on knowledge in a casual social setting could be a start to our working to defeat those unscrupulous people who spend their every waking hour coming up with some new way to steal your money. Because I see and hear this everyday, nothing really surprises me anymore. What I am surprised by is how people are fascinated to hear about the latest scam and just cannot believe what goes on day after day after day.

When individuals call to tell me about a phone call or letter they got promising riches but they were smart enough not to be caught, I ask them to share this information with everyone else. It is going to take a larger force than just the BBB to educate people and inoculate them against the most current scams. Think about what you can do.

Then of course there is your family. So many calls we get are from older adults who have very capable adult children, but they don’t tell their children what is going on in their lives and they don’t ask their children for help when they need it. Reaching out to family members and your children to get help when you are confused, in trouble over a debt, or worried you may be a victim of fraud is not a negative, but a positive.

Letting family members help you and guide you in making important decisions can be the best way you keep yourself safe. Being fearful of what they will think only leads to stress and anxiety, resulting in both mental and physical health problems. There really is no need for you to carry the burden alone, let those that love you help you shoulder the load.

If we work together educating each other or providing support, we can go a long way in putting an end to the financial abuse that targets older adults.

Study Suggests Some People Are More Vulnerable to Online Fraud Than Others

by Barbara Parrott McGinity, LMSW

One of the recurring scams I hear about from older adults is the “Microsoft Scam.” How does it work? You receive a phone call telling you “this is Microsoft and we have detected a virus on your computer and we want to help you.” They ask for access to your computer. I equate this to letting a robber into your house, and you sit and watch them still items right in front of you.

Here is what the scammers may ask you to do:
• Trick you into installing malicious software that could capture sensitive data, such as online banking user names and passwords. They might also then charge you to remove this software.
• Convince you to visit legitimate websites (like http://www.ammyy.com) to download software that will allow them to take control of your computer remotely and adjust settings to leave your computer vulnerable.
• Request credit card information so they can bill you for phony services.
• Direct you to fraudulent websites and ask you to enter credit card and other personal or financial information there.

In a survey by AARP released in May 2014 titled, Caught in the Scammer’s Net, they revealed the risk factors that increase your chances of becoming an Internet fraud victim. The survey identified 15 particular behaviors, life experiences, and knowledge attributes that may make a person more vulnerable to online fraud:

Behaviors:
• Clicking on pop-ups
• Opening email from unknown sources
• Selling products on online auction sites
• Signing up for free limited time trial offers
• Downloading apps
• Purchasing through an online payment transfer site
• Visiting a website that required them to read a privacy policy;
• Visiting a website that required them to read a terms of agreement statement
• Being impulsive

Life Experiences:
• Feeling isolated/lonely
• Loss of a job
• Negative change in financial status
• Being concerned about debt

Knowledge:
• Being unaware that banks do not send emails to their customers asking them to click on a link to verify personal information
• Being unaware that a privacy policy does not always mean the website will not share their information with other companies
Are you at risk to be a victim of Internet fraud? In reading them, do feel you might meet any of these risk factors? It is important to be aware of these factors and do understand how you could be tricked.

Be safe and remember: do not click on pop up windows of any type or warning, do not give your personal information to unverified websites, check out all websites and offers before making purchases, do not open emails from strangers, and do not click on links sent by friends unless you have personally verified they sent the email.

Data breaches such as those at Blue Cross Blue Shield and J P Morgan Chase provide scammers with alot of different information to try and trick you. Stop, think and ask…that is the only way to stay safe on the Internet.