Tag Archives: fraud

Fraud alert, freeze or lock after Equifax?

After the Equifax breach, clients and friends have been coming to us with questions. Some people are considering placing a fraud alert on their credit file. Others are thinking about freezing or locking their credit files to help prevent identity thieves from opening new accounts in their name. Here are some FAQs to help you think through your options.

FRAUD ALERT

  • What is it? A fraud alert requires companies to verify your identity before extending new credit. Usually that means calling you to check if you’re really trying to open a new account.
  • How does it work? The process is easy – you contact any one of the three nationwide credit reporting agencies (Equifax, Experian, TransUnion) and that one must notify the other two.
  • How long does it last? An initial fraud alerts last 90 days. After 90 days, you can renew your alert for an additional 90 days, as many times as you want. Military who deploy can get an active duty alert that lasts one year, renewable for the period of deployment. Identity theft victims (whose information has been misused, not just exposed in a breach) are entitled to an extended fraud alert, which lasts seven years.
  • How much does it cost? Fraud alerts are free.
  • Is this for me? With a fraud alert, you keep access to your credit and federal law protects you. But an initial fraud alert lasts only 90 days and then you’ll need to remind yourself to renew it every 90 days.

CREDIT FREEZE

  • What is it? A credit freeze limits access to your credit file so no one, including you, can open new accounts until the freeze is lifted.
  • How does it work? To be fully protected, you must place a freeze with each of the three credit reporting agencies. Freezes can be placed by phone or online. You’ll get a PIN to use each time you freeze or unfreeze, which may take one to three business days.
  • How long does it last? A freeze lasts until you temporarily lift or permanently remove it (except in a few states where freezes expire after seven years).
  • How much does it cost? Fees are set by state law. Generally, it costs $5 to $10 each time you freeze or unfreeze your account with each credit reporting agency. You can get a free freeze if you are an identity theft victim, or in some states, if you’re over age 62. Equifax is offering free freezes until January 31, 2018.
  • Is this for me? Freezes are generally best for people who aren’t planning to take out new credit. Often, that includes older adults, people under guardianship, and children. People who want to avoid monthly fees also may prefer freezes over locks.

CREDIT LOCK

  • What is it? Like a freeze, a credit lock limits access to your credit file so no one, including you, can open new accounts until you unlock your credit file.
  • How does it work? Like a freeze, to be fully protected, you must place locks with all three credit reporting agencies. With locks, however, there’s no PIN and usually no wait to lock or unlock your credit file (although the current Equifax lock can take 24 to 48 hours). You can lock and unlock on a computer or mobile device through an app – but not with a phone call.
  • How long does it last? Locks last only as long as you have an ongoing lock agreement with each of the credit reporting agencies. In some cases, that means paying monthly fees to maintain your lock service.
  • How much does it cost? Credit reporting agencies can set and change lock fees at any time. As of today, Equifax offers free locks as part of its free post-breach credit monitoring. Experian and TransUnion may charge monthly fees, often about $20.
  • Is this for me? Depending on your particular lock agreement, your fees and protections may change over time. So, if you sign up for a lock, it’s hard to be sure what your legal protections will be if something goes wrong later. Also, monthly lock fees can quickly exceed the cost of freezes, especially if the lock fees increase over time.

The FTC has more information for consumers about protecting their identity, including Credit freeze FAQsFraud alert or credit freeze – which is right for you, and Free freezes from Equifax. Also, check out the FTC’s resource page about the Equifax data breach. And if your personal information has been misused,  visit IdentityTheft.gov to report identity theft and get a personal recovery plan.

Initial fraud alerts, credit freezes, and credit locks: What’s the difference?
What you should know about Initial fraud alerts Credit freezes Credit locks
Purpose Verify your identity before extending new credit Restricts access to credit file to prevent identity theft
Legal protections Based on federal law (Fair Credit Reporting Act) Based on state law Based on consumer’s lock agreement with each credit reporting agency (CRA)

Varies by CRA & may change over time

Fees Free
  • Free from Equifax until January 31, 2018
  • Free for id theft victims & in some states free for people over age 62
  • Otherwise, $5-$10 per credit reporting agency (CRA) each time you freeze or unfreeze
  • Free from Equifax, as part of free credit monitoring service
  • Otherwise, CRAs may charge monthly fees
  • Monthly fees may change
Links Place a fraud alert with any one of the three:

Place a credit freeze with all three:

Place a credit lock with all three:

Turning them on and off A fraud alert:

  • Lasts 90 days
  • Can be renewed for free for an additional 90 days, as many times as you want
To freeze or unfreeze:

  • Online or by phone
  • Requires a PIN
To lock or unlock:

  • Online only
  • No PIN required

Downloadable PDF version

If you or your business have legal questions or concerns regarding disaster preparedness, computer law, privacy, or cybersecurity law matters, contact attorney Jeffrey A. Franklin at Prince Law Offices.

Advertisements

Leave a comment

Filed under Business Law, Computer Law, Consumer Advocacy

Someone Stole your Phone?

Identity theft can happen to anyone. Last week the Federal Trade Commission (FTC) published an article based on a true story from one if its fraud investigators who had her phone stolen.

She provided tips you can take to protect your digital identity:

Smart Phone:

  • Lock your phone. Use at least a 6-digit passcode on your device, or use the pattern lock or fingerprint scanner. Set the device to lock when not in use. This is especially important if you use a mobile wallet or money transfer apps.
  • Update it and back it up. Back up your device regularly and make sure automatic updates are turned on. Backing up your phone regularly and automatically makes sure that you’ll still have your stuff – if it disappears.
  • Get help finding your phone. Install and turn on Find My iPhone (iOS) or Find My Device (Android). These apps could help you locate your device if you lose it. If your phone is stolen, these apps also let you remotely issue a command to erase your device .
  • Alert your wireless provider if your phone is missing. Make the call as soon as you know your device is missing after you have used the Find My Phone/Device feature. They can permanently or temporarily disable the SIM card to stop someone from using the device on the cell network.

Accounts:

  • Turn on two-factor authentication. That means you’ll give your password and a second way to prove that you’re you. This extra layer of security makes it much harder for thieves to get into your accounts and lock you out. Many providers give several options to authenticate your identity, so be sure you have a backup method (like one-time use codes or a backup email address) in case you don’t have access to your device to receive texts or phone calls.
  • Know which devices have access to your accounts. Many social media sites and email providers, and some phone operating systems, let you view the logins for your devices from the settings menu. You can remove devices from the account, and log out of the site remotely using a computer or another device. That’s handy if ever you lose your phone, tablet, or laptop.
  • Check your log-in and account notifications. Many email and social media accounts can notify you if a new device connects to your account, or if someone tried to change your passwords.
  • When in doubt, change your passwords. If you’ve lost your device, change your passwords. Many of us set our devices to remember passwords – which could mean that someone who gets your phone could get access to your accounts and personal information. So: if you lose your phone, change your email, social media, online banking, shopping, and other passwords right away.

For more tips on what to do to protect yourself from identity thieves, check out ftc.gov/idtheft.

Need further help?  If you or your business have questions or concerns regarding fraud, computer law, privacy, or cybersecurity law matters, contact attorney Jeffrey A. Franklin at Prince Law Offices.

Leave a comment

Filed under Business Law, Communications Law, Computer Law, Consumer Advocacy

ASUS Settles FTC Charges Routers Put Consumers’ Privacy At Risk

ftc_logo_430ASUSTeK Computer, Inc. (ASUS)  has agreed to settle Federal Trade Commission charges that critical security flaws in its routers put the home networks of hundreds of thousands of consumers at risk. The administrative complaint also charges that the routers’ insecure “cloud” services led to the compromise of thousands of consumers’ connected storage devices, exposing their sensitive personal information on the internet.  If you have a ASUS router at home, perhaps it is time for an upgrade.

The proposed consent order will require ASUS to establish and maintain a comprehensive security program subject to independent audits for the next 20 years.

“The Internet of Things is growing by leaps and bounds, with millions of consumers connecting smart devices to their home networks,” said Jessica Rich, Director of the FTC’s Bureau of Consumer Protection. “Routers play a key role in securing those home networks, so it’s critical that companies like ASUS put reasonable security in place to protect consumers and their personal information.”

ASUS marketed its routers as including numerous security features that the company claimed could “protect computers from any unauthorized access, hacking, and virus attacks” and “protect [the] local network against attacks from hackers.” Despite these claims, the FTC’s complaint alleges that ASUS didn’t take reasonable steps to secure the software on its routers.

For instance, according to the complaint, hackers could exploit pervasive security bugs in the router’s web-based control panel to change any of the router’s security settings without the consumer’s knowledge.  A malware researcher discovered an exploit campaign in April 2015 that abused these vulnerabilities to reconfigure vulnerable routers and commandeer consumers’ web traffic. The complaint also highlights a number of other design flaws that exacerbated these vulnerabilities, including the fact that the company set – and allowed consumers to retain – the same default login credentials on every router: username “admin” and password “admin”.

According to the complaint, ASUS’s routers also featured services called AiCloud and AiDisk that allowed consumers to plug a USB hard drive into the router to create their own “cloud” storage accessible from any of their devices. While ASUS advertised these services as a “private personal cloud for selective file sharing” and a way to “safely secure and access your treasured data through your router,” the FTC’s complaint alleges that the services had serious security flaws.

For example, the complaint alleges that  hackers could exploit a vulnerability in the AiCloud service to bypass its login screen and gain complete access to a consumer’s connected storage device without any credentials, simply by accessing a specific URL from a Web browser. Similarly, the complaint alleges that the AiDisk service did not encrypt the consumer’s files in transit, and its default privacy settings provided – without explanation – public access to the consumer’s storage device to anyone on the Internet.

In February 2014, hackers used readily available tools to locate vulnerable ASUS routers and exploited these security flaws to gain unauthorized access to over 12,900 consumers’ connected storage devices.

The Commission alleges that, in many instances, ASUS did not address security flaws in a timely manner and did not notify consumers about the risks posed by the vulnerable routers.  In addition, the complaint alleges that ASUS did not notify consumers about the availability of security updates.  For example, according to the complaint, the router’s software update tool – which allowed consumers to check for new router software – often told consumers that their router was on the most current software when, in fact, newer software with critical security updates was available.

In addition to establishing a comprehensive security program, the consent order will require ASUS to notify consumers about software updates or other steps they can take to protect themselves from security flaws, including through an option to register for direct security notices (e.g., through email, text message, or push notification).  The consent order will also prohibit the company from misleading consumers about the security of the company’s products, including whether a product is using up-to-date software.

This matter is part of the FTC’s ongoing effort to ensure that companies secure the software and devices that they provide to consumers.

The FTC will publish a description of the consent agreement package in the Federal Register shortly. The agreement will be subject to public comment for 30 days, beginning today and continuing through March 24, 2016, after which the Commission will decide whether to make the proposed consent order final. Interested parties can submit comments electronically.

If you or your business have questions or concerns regarding consumer protection, fraud, computer law, privacy, or cybersecurity law matters, contact attorney Jeffrey A. Franklin at Prince Law Offices.

Leave a comment

Filed under Business Law, Computer Law, Consumer Advocacy

Social Security Fraud

By Tom Beveridge.             On February 26, 2014, Carolyn W. Colvin, the Acting Commissioner of Social Security, testified before Congress regarding the Social Security Administration’s efforts to investigate and stop disability fraud.  Commissioner Colvin indicated that fraud rate in the Administration’s disability programs is actually less than 1 percent; however, no amount of fraud is tolerable.  In fact, she issued this powerful warning to claimants and applicants:

“We have no tolerance for fraud, and I reiterate to those who would defraud Social Security: We will find you; we will prosecute you; we will seek the maximum punishment allowable under the law; and we will fight to restore the money you’ve stolen to the American people. “

In my practice, I am pleased to say that I have very rarely encountered actual cases of Social Security fraud.   However, I have exchanged stories with other practitioners who have been involved in such cases – most of which ended quite badly for the claimants.  Suffice it to say, fraud simply isn’t worth the risk.

Fraud occurs when an individual knowingly and intentionally makes false statements or conceals material facts in an attempt to obtain benefits.   Examples of such conduct include using false Social Security numbers, offering false information on applications, forging or falsifying Social Security documents, conspiring to present a false claim for benefits, etc.    From the initial application process and ongoing, Social Security personnel are on the lookout for fraudulent claims, statements or actions.

The penalties for Social Security fraud can be very significant.   Obviously, the SSA can reopen a claim or determination to eliminate any false information and reevaluate the claim.   Significant criminal and civil penalties also exist depending on the type of fraud involved.   For example, making false statements in an attempt to secure benefits is a misdemeanor and carries a penalty of up to a $1,000.00 fine and up to 1 year in jail.   Even worse, an individual who presents a false claim under the guise that he or she is someone else who may be entitled to such benefits faces a felony punishable by a fine of up to $10,000.00 and imprisonment of up to 5 years.  42 U.S.C. §1307.  In addition to criminal penalties, an individual convicted of fraud will have to repay the SSA any amounts received.

As with any application for benefits, it is absolutely critical that a claimant provide truthful and complete information during the process.   When discovered, false information simply “red-flags” an application, and the denial of benefits is the likely end result.

1 Comment

Filed under Criminal Law, Social Security

Protect yourself & your loved one’s from being scammed

Many of us know people who have been the victim of a scam artist or scheme.  My father, before he passed, was one such victim.  I did not know it was going on, heck, no one in the family knew it was happening until one day I get a call from his bank advising me that he was attempting to withdraw large sums of money out of an account that we had recently switched to both our names.  The bank was under no obligation to call me, but I’m sure glad they did.  Unfortunately, it was a day late and more than a dollar short.  After contacting my mother I was able to determine that he had sent over $100,000 to these scam artists.  I immediately went into protection mode, but a lot of these individuals/groups are outside the jurisdiction of the United States, so very little can be done.

Really the only way to protect yourself or your loved one’s against this type of thing is to be prepared.  The FTC has some very simple guidelines and advise that I outline below. Remember, nothing is more important than talking to friends &/or family about these things.  It’s one thing to be embarrassed, it’s a complete other thing to give away your life savings.  Don’t get fooled.  Protect yourself.

The scam truck

The scam truck (Photo credit: jepoirrier)

BEWARE. . .

  • Beware of high pressure sales tactics offering to sell you products at reduced prices, or secret deals, or no-risk high yield investments! Don’t spend a dime until you check on the company first!
  • Beware of anyone posing as a government or company official asking your help to “catch a criminal!” Call the police immediately — it’s a trick.
  • Beware of ANY OFFER from ANYONE who promises — if you send a contribution — to fight for you to make sure you keep receiving your Social Security check or Medicare coverage!
  • Beware of anyone who offers to do home remodeling work for you who comes to your door unsolicited or who calls you on the phone. Check these people out.
  • Beware of any organization that can’t provide references. Ask for contact information and then verify that the organization is legitimate.

NEVER. . .

  • Never reveal (all or part of) your creditcard number, Social Security number, or bank account number to ANY CALLER for ANY REASON! 
  • Never hire people to build or repairanything until you check on them and the quality of their work first! Tell them you want references. If they refuse . . . call someone else! 
  • Never pay for ANYTHING you didn’torder yourself, regardless of what you are told by the company or anyone! 
  • NEVER talk about your money with a stranger and NEVER, NEVER keep or hide large amounts of money in your home. A robber or burglar will most probably find it.

DON’T. . .

  • Don’t be fooled by anyone offering a refund information service to obtain a return of your money lost in a previous consumer trap! This new angle is just the latest con game.
  • Don’t tell anyone you live alone.
  • Don’t admit any strangers to your home — NO MATTER THE REASON — NO MATTER HOW INSISTENT THEY ARE. Check on them first, even call the police, if necessary!
  • Don’t be over-generous. Giving to charities is an admirable quality. But sometimes, if you give too much, too often, to these organizations, you could become a charity case yourself!

IF/WHEN . . .

  • If you receive a post card or letter marked “Official Notification,” or “Final Notice,” or “48 Hour Notice,” informing you that you are a contest winner, but you must call a 1-800 number to receive a “free” gift, BE CAREFUL. That “gift” might cost YOU money in the end!
  • If notified you are a winner in a contest, BUT to receive the prize you must send money to cover the tax and the handling fee, save your money! The value of the “prize” may not match the amount you have to pay!
  • There are both Pennsylvania and Federal law restrictions regulating 900 numbers. Intrastate calls (usually 970 or 976) require cost disclosures at the start of the call. Federal and state laws prohibit phone companies from disconnecting service for unpaid 900 number charges.
  • The Federal Trade Commission is a resource for information about possible consumer fraud. Seewww.ftc.gov or call (877) 382-4357

Leave a comment

Filed under Uncategorized