Monthly Archives: July 2015

Educated Employees are the First Line of Defense in the Fight Against Data Hacking

by Barbara Parrott McGinity, LMSW
BBB Education Foundation

Data Breach! System has been hacked! Personal information stolen! From the IRS to Chase Bank to Blue Cross Blue Shield, we are reading about security systems being infiltrated by criminal hackers every day. How can this happen? Hackers seek out weaknesses in your computer system and one of those weaknesses can be untrained personnel who mistakenly click on the wrong email.

Here is one recent email from my inbox:
Today, 3rd June, 2015. We are upgrading our email system in order for our email server to be compatible with the newer versions of software 2015 spam filter. This service creates more space and easy access to email. Please update your account by clicking on the link below. Click for Activation
CLICK HERE<http://owaadminportal.jimdo.com/&gt; And follow the instructions on the pop-up page for upgrade
Failure for any user to do this will render his/her account inactive.
Thank you,
IT Support Desk

Another example:
Hi my name is Annabella
my resume is pdf file
I am looking forward to hearing from you
Yours faithfully
Annabella

Both of these emails demonstrate how systems are breached, they require the recipient to get more information through the click of their mouse, one has a link and the other has an attachment.

Every day, we receive numerous unsolicited emails at both work and home. Some of it from sources you have done business with or ordered products from, while others come from unknown sources. Often you give that information away by putting information into pop-up windows, handing out business cards, or responding to unsolicited emails.

A couple of weeks ago I received a very simple, seemingly innocent email:
Hi Barbara:
For us newbees can you give me the crossroads for the location of the garden sale.
Thanks.
Jan LeCates
Your first instinct might be to reply, “What garden sale?” And that is what the sender was hoping for, because this type of email is looking to confirm good email addresses which then get sold to people sending the spam. For me it was easy to hit the delete button because I knew I was not going to a garden sale and I do not know Jan LeCrates. But what would your employee do?

The National Cyber Security Alliance has a website, http://www.staysafeonline.org, that provides information for businesses on cyber security. This includes accessing your risks, protecting customers, and education tips for employees. Here is what you need to pass onto your employees:

  • Keep a clean machine: Your company should have clear rules for what employees can install and keep on their work computers. Make sure they understand and abide by these rules. Unknown outside programs can open security vulnerabilities in your network.
  • Follow good password practices: Making passwords long and strong, with a mix of uppercase and lowercase letters, numbers and symbols, along with changing them routinely and keeping them private are the easiest and most effective steps your employees can take to protect your data.
  • When in doubt, throw it out: Employees should know not to open suspicious links in email, tweets, posts, online ads, messages or attachments – even if they know the source. Employees should also be instructed about your company’s spam filters and how to use them to prevent unwanted, harmful email.
  • Back up their work: Whether you set your employees’ computers to backup automatically or ask that they do it themselves, employees should be instructed on their role in protecting their work.
  • Stay watchful and speak up: Your employees should be encouraged to keep an eye out and say something if they notice strange happenings on their computer.

The hackers are getting better, more sophisticated, and more difficult to catch. Everyone needs to be vigilant, stay alert to cyber threats, and never assume things are as they appear. Protecting your business by taking the time to educate your employees is the best way to defeat these criminals.

Programs and Tools to Protect Seniors from Financial Exploitation

by Barbara Parrott McGinity, LMSW

In June, I attended an event in Washington, DC for World Elder Abuse Awareness Day. The focus was on financial exploitation, with a number of presentations and individuals addressing this growing problem. Seniors and their families lose nearly $3 billion a year to a number of different scams that can involve phony charities, people representing themselves as IRS agents demanding tax payments, sweepstakes fraud, and scammers pretending to be grandchildren asking grandparents to wire funds because they are in jail in a foreign country.

It is estimated 1 in 44 cases of money scams and financial abuse of seniors is actually ever brought to the attention of authorities. It is extremely difficult to catch these criminals because the majority are overseas. But these cases often go unreported because people are ashamed or they are being threatened by the scammer and they fear for their safety and the safety of their loved ones.

Knowledge is power when working to protect your income and assets. There are a number of resources and programs available to older adults and their family members that not only educate people about the scams, but also offer tools that can provide some protection. Consumerreports.org in a recent Scam Alert lists these resources you can check out.

1) The Federal Trade Commission’s “Pass It On,” http://www.ftc.gov, focuses on six scams that individuals should learn about and inform others about as well.

2) The Consumer Financial Protection Bureau’s Office of Financial Protection for Older Americans website has information for seniors and a link to help report complaints or concerns. The Consumer Financial Protection Bureau also offers four different guides for attorneys, government-appointed fiduciaries, guardians, and trustees, called “Managing Someone Else’s Money” which can be ordered at no cost on their website, http://www.cfpb.gov.

3) The Securities and Exchange Commission, has a number of brochures, including “A Guide for Seniors: Protect Yourself Against Investment Fraud,” and “Stopping Affinity Fraud in Your Community,” focusing on money scams that prey on members of identifiable groups such as religious organizations available from their website, http://www.sec.gov

4) The Federal Deposit Insurance Corporation and the Consumer Financial Protection Bureau sponsor a program called “Money Smart for Older Adults: Prevent Financial Exploitation,” which is an instructor-led training curriculum for older adults and their caregivers.

5) FINRA, the Financial Industry Regulatory Authority, has a dedicated helpline for seniors to assist with their questions and concerns regarding brokerage accounts and investments. It is open Monday through Friday from 8:00 am to 4:00 pm Central Time, 1-844-574-3577. Open since April, they have received over 540 calls.

The best defense is a good offense. Take the time to arm yourself with the knowledge you need to understand how financial exploitation occurs. Education is the only way we can truly put an end to this problem as the scammers are getting better and we need to be prepared. If you would to schedule a group presentation from the BBB Education Foundation staff on scams and fraudulent business practices, call me at 713-341-6184.

Change in Medicare Numbers can be Bonanza for Scammers

By Barbara Parrott McGinity, LMSW

Good news! Congress passed a bill in April 2015 to replace the Social Security numbers on Medicare cards with a randomly selected number. They have four years to set up the system for new cards, and four more years to reissue cards to current Medicare beneficiaries. Bad news! Scammers will exploit this information to confuse older adults in an effort to get them to give out their Medicare information over the phone.

The calls will likely sound like this; “Hello, this is Medicare and we have good news for you, we are changing your Medicare number and it will no longer be your Social Security number. This will make you safe from identity theft. BUT, before we make the switch, we need to verify your current information.” Big red flag that this is a scam, asking you to verify information.

Whenever you get a call or email from someone asking to verify information, especially personal information like Social Security Numbers, bank account numbers or credit card numbers, it is a scam. They may have a little information about you, but they need more to complete the picture. The information they are asking from you is the piece of the puzzle they need to complete their file on you; and they will take this information and either steal your identity or bill Medicare for items and services you do not need.

As the October Medicare open enrollment date approaches, the scammers start calling and use a number of tricks to confuse people. Barbara Parrott McGinity, Program Director for the Texas Senior Medicare Patrol (SMP) advises you to “to never give any kind of personal information to anyone who calls you on the phone, no matter how convincing they sound. Remember that Medicare and Social Security and the IRS will never call you on the phone.” Be alert to potential scams. Do not fall for calls, postcards, or emails that offer to help you get your new Medicare card.

Contact the Texas Senior Medicare Patrol (SMP) if you have any questions or if you would like to receive information about how to protect, detect and report fraud and abuse at 1-888-341-6184.

Educated Employees are the First Line of Defense in the Fight Against Data Hacking

by Barbara Parrott McGinity, LMSW
BBB Education Foundation

Data Breach! System has been hacked! Personal information stolen! From the IRS to Chase Bank to Blue Cross Blue Shield, we are reading about security systems being infiltrated by criminal hackers every day. How can this happen? Hackers seek out weaknesses in your computer system and one of those weaknesses can be untrained personnel who mistakenly click on the wrong email.

Here is one recent email from my inbox:
Today, 3rd June, 2015. We are upgrading our email system in order for our email server to be compatible with the newer versions of software 2015 spam filter. This service creates more space and easy access to email. Please update your account by clicking on the link below. Click for Activation
CLICK HERE<http://owaadminportal.jimdo.com/&gt; And follow the instructions on the pop-up page for upgrade
Failure for any user to do this will render his/her account inactive.
Thank you,
IT Support Desk

Another example:
Hi my name is Annabella
my resume is pdf file
I am looking forward to hearing from you
Yours faithfully
Annabella

Both of these emails demonstrate how systems are breached, they require the recipient to get more information through the click of their mouse, one has a link and the other has an attachment.

Every day, we receive numerous unsolicited emails at both work and home. Some of it from sources you have done business with or ordered products from, while others come from unknown sources. Often you give that information away by putting information into pop-up windows, handing out business cards, or responding to unsolicited emails.

A couple of weeks ago I received a very simple, seemingly innocent email:
Hi Barbara:
For us newbees can you give me the crossroads for the location of the garden sale.
Thanks.
Jan LeCates
Your first instinct might be to reply, “What garden sale?” And that is what the sender was hoping for, because this type of email is looking to confirm good email addresses which then get sold to people sending the spam. For me it was easy to hit the delete button because I knew I was not going to a garden sale and I do not know Jan LeCrates. But what would your employee do?

The National Cyber Security Alliance has a website, http://www.staysafeonline.org, that provides information for businesses on cyber security. This includes accessing your risks, protecting customers, and education tips for employees. Here is what you need to pass onto your employees:

• Keep a clean machine: Your company should have clear rules for what employees can install and keep on their work computers. Make sure they understand and abide by these rules. Unknown outside programs can open security vulnerabilities in your network.
• Follow good password practices: Making passwords long and strong, with a mix of uppercase and lowercase letters, numbers and symbols, along with changing them routinely and keeping them private are the easiest and most effective steps your employees can take to protect your data.
• When in doubt, throw it out: Employees should know not to open suspicious links in email, tweets, posts, online ads, messages or attachments – even if they know the source. Employees should also be instructed about your company’s spam filters and how to use them to prevent unwanted, harmful email.
• Back up their work: Whether you set your employees’ computers to backup automatically or ask that they do it themselves, employees should be instructed on their role in protecting their work.
• Stay watchful and speak up: Your employees should be encouraged to keep an eye out and say something if they notice strange happenings on their computer.
The hackers are getting better, more sophisticated, and more difficult to catch. Everyone needs to be vigilant, stay alert to cyber threats, and never assume things are as they appear. Protecting your business by taking the time to educate your employees is the best way to defeat these criminals.