Tag Archives: FTC

Tech Support Fraudsters to Pay

A federal court ordered that the assets of the operators of an alleged tech support scam be used to reimburse consumers who lost money to the defendants’ scheme.

US District Court ED PAThe U.S. District Court for the Eastern District of Pennsylvania agreed with the FTC, the State of Connecticut, and the Commonwealth of Pennsylvania that the money held by a court-ordered receiver was acquired by the defendants “through fraud and other improper means” and should be used for the benefit of consumer victims.

ftc

The FTC alleged that the defendants used Internet ads and popups that claimed to be from major tech companies like Microsoft and Apple to trick consumers into calling the defendants and buying tech support services.

In May, the Federal Trade Commission (FTC), Connecticut and Pennsylvania announced settlements with Bruce Bartolotta, Click4Support, LLC, Spanning Source LLC, George Saab, Chetan Patel and Niraj Patel as well as Innovazion Inc., Innovazion Research Private Limited, Abhishek Gagneja, and Rishi Gagneja. Under the settlements, the defendants are banned from marketing technical support services and agreed to pay a total of more than $554,000 and to forfeit $1.3 million held by the receiver. The settlements were announced as part of the Operation Tech Trap initiative, an international crackdown of tech support scams announced by the FTC in May.

Consumers who believe they were victims of the tech support services operated by the defendants can file a consumer complaint with the FTC by visiting www.ftccomplaintassistant.gov or by calling (877) 382-4357.

If you or your business have legal questions or concerns regarding computer law, privacy, or cybersecurity law matters, contact attorney Jeffrey A. Franklin at Prince Law Offices.

Advertisements

Leave a comment

Filed under Business Law, Communications Law, Computer Law, Consumer Advocacy

Did the FCC Just Kill the Internet?

ftc_logo_430Federal Trade Commission (FTC) Acting Chairman Maureen K. Ohlhausen issued the following statement in response to today’s vote by the Federal Communications Commission (FCC) on the Restoring Internet Freedom Order regarding net neutrality:

“The FCC’s action today (December 14, 2017) restored the FTC’s ability to protect consumers and competition throughout the Internet ecosystem. The FTC is ready to resume its role as the cop on the broadband beat, where it has vigorously protected the privacy and security of consumer data and challenged broadband providers who failed to live up to their promises to consumers. In addition, the FCC’s new transparency rules provide additional tools to help ensure that consumers get what they expect from their broadband providers, who will be required to disclose their traffic management practices. The Memorandum of Understanding establishes a framework for FTC-FCC cooperation. Together we will move ahead to protect consumers and help ensure they enjoy the many benefits of online innovation.”

So did the FCC just kill the internet?  Probably not, but time will tell.

If you or your business have legal questions or concerns regarding communications law, computer law, privacy, or cybersecurity law matters, contact attorney Jeffrey A. Franklin at Prince Law Offices.

Leave a comment

Filed under Business Law, Communications Law, Computer Law, Consumer Advocacy

Fraud alert, freeze or lock after Equifax?

After the Equifax breach, clients and friends have been coming to us with questions. Some people are considering placing a fraud alert on their credit file. Others are thinking about freezing or locking their credit files to help prevent identity thieves from opening new accounts in their name. Here are some FAQs to help you think through your options.

FRAUD ALERT

  • What is it? A fraud alert requires companies to verify your identity before extending new credit. Usually that means calling you to check if you’re really trying to open a new account.
  • How does it work? The process is easy – you contact any one of the three nationwide credit reporting agencies (Equifax, Experian, TransUnion) and that one must notify the other two.
  • How long does it last? An initial fraud alerts last 90 days. After 90 days, you can renew your alert for an additional 90 days, as many times as you want. Military who deploy can get an active duty alert that lasts one year, renewable for the period of deployment. Identity theft victims (whose information has been misused, not just exposed in a breach) are entitled to an extended fraud alert, which lasts seven years.
  • How much does it cost? Fraud alerts are free.
  • Is this for me? With a fraud alert, you keep access to your credit and federal law protects you. But an initial fraud alert lasts only 90 days and then you’ll need to remind yourself to renew it every 90 days.

CREDIT FREEZE

  • What is it? A credit freeze limits access to your credit file so no one, including you, can open new accounts until the freeze is lifted.
  • How does it work? To be fully protected, you must place a freeze with each of the three credit reporting agencies. Freezes can be placed by phone or online. You’ll get a PIN to use each time you freeze or unfreeze, which may take one to three business days.
  • How long does it last? A freeze lasts until you temporarily lift or permanently remove it (except in a few states where freezes expire after seven years).
  • How much does it cost? Fees are set by state law. Generally, it costs $5 to $10 each time you freeze or unfreeze your account with each credit reporting agency. You can get a free freeze if you are an identity theft victim, or in some states, if you’re over age 62. Equifax is offering free freezes until January 31, 2018.
  • Is this for me? Freezes are generally best for people who aren’t planning to take out new credit. Often, that includes older adults, people under guardianship, and children. People who want to avoid monthly fees also may prefer freezes over locks.

CREDIT LOCK

  • What is it? Like a freeze, a credit lock limits access to your credit file so no one, including you, can open new accounts until you unlock your credit file.
  • How does it work? Like a freeze, to be fully protected, you must place locks with all three credit reporting agencies. With locks, however, there’s no PIN and usually no wait to lock or unlock your credit file (although the current Equifax lock can take 24 to 48 hours). You can lock and unlock on a computer or mobile device through an app – but not with a phone call.
  • How long does it last? Locks last only as long as you have an ongoing lock agreement with each of the credit reporting agencies. In some cases, that means paying monthly fees to maintain your lock service.
  • How much does it cost? Credit reporting agencies can set and change lock fees at any time. As of today, Equifax offers free locks as part of its free post-breach credit monitoring. Experian and TransUnion may charge monthly fees, often about $20.
  • Is this for me? Depending on your particular lock agreement, your fees and protections may change over time. So, if you sign up for a lock, it’s hard to be sure what your legal protections will be if something goes wrong later. Also, monthly lock fees can quickly exceed the cost of freezes, especially if the lock fees increase over time.

The FTC has more information for consumers about protecting their identity, including Credit freeze FAQsFraud alert or credit freeze – which is right for you, and Free freezes from Equifax. Also, check out the FTC’s resource page about the Equifax data breach. And if your personal information has been misused,  visit IdentityTheft.gov to report identity theft and get a personal recovery plan.

Initial fraud alerts, credit freezes, and credit locks: What’s the difference?
What you should know about Initial fraud alerts Credit freezes Credit locks
Purpose Verify your identity before extending new credit Restricts access to credit file to prevent identity theft
Legal protections Based on federal law (Fair Credit Reporting Act) Based on state law Based on consumer’s lock agreement with each credit reporting agency (CRA)

Varies by CRA & may change over time

Fees Free
  • Free from Equifax until January 31, 2018
  • Free for id theft victims & in some states free for people over age 62
  • Otherwise, $5-$10 per credit reporting agency (CRA) each time you freeze or unfreeze
  • Free from Equifax, as part of free credit monitoring service
  • Otherwise, CRAs may charge monthly fees
  • Monthly fees may change
Links Place a fraud alert with any one of the three:

Place a credit freeze with all three:

Place a credit lock with all three:

Turning them on and off A fraud alert:

  • Lasts 90 days
  • Can be renewed for free for an additional 90 days, as many times as you want
To freeze or unfreeze:

  • Online or by phone
  • Requires a PIN
To lock or unlock:

  • Online only
  • No PIN required

Downloadable PDF version

If you or your business have legal questions or concerns regarding disaster preparedness, computer law, privacy, or cybersecurity law matters, contact attorney Jeffrey A. Franklin at Prince Law Offices.

Leave a comment

Filed under Business Law, Computer Law, Consumer Advocacy

The Dark Web: What you and your business need to know

ftcDuring a recent meeting at Prince Law Offices, P.C., we were discussing ransomware and the dark web.  The Federal Trade Commission (FTC) recently posted a helpful description of the dark web and how it may impact you and your business.

You probably have heard about the “dark web” and wondered how it affects businesses – including small businesses. That was one of the topics addressed at an FTC conference earlier this year on identity theft. Recent headlines about high-profile data breaches have added even more urgency to the discussion. So why should the dark web matter to your company? Unfortunately, when a business suffers a breach, the dark web is often the next stop that sensitive data makes after it’s been stolen.

What is the dark web?

It’s a term that describes places on the internet not indexed by traditional search engines. While not every site on the dark web engages in criminal activity, the dark web is where sites that illegally sell consumer data and other black market goods tend to congregate. For identity thieves, the dark web is a sophisticated marketplace providing one-stop shopping to get the tools to commit cybercrime – whether it’s malware kits, stolen account information, or “drop” or “cash-out” services to help monetize their crimes.

What’s the link between the dark web and a business that experiences a breach?

In many instances, data stolen from businesses ends up on the dark web where criminals buy and sell it to commit fraud, get fake identity documents, or fund their criminal organizations.

Dark web offerings often include but aren’t limited to stolen credit cards. Identity thieves also can get compromised bank accounts, health records, credentials, and forged documents. They can even buy entire wallets, complete with credit cards, driver’s licenses, and documents like Social Security numbers and birth certificates – everything a criminal needs to create a new identity.

 

 

How does the dark web impact small businesses?

With so much media focus on data breaches at companies that possess personal information about millions of consumers, some smaller businesses and organizations might think that cybercriminals wouldn’t target them. They would be wrong. First, the reality is that cybercriminals don’t always target a particular business. They often use automated tools to scope out vulnerabilities in any system, including small businesses. Second, as presenters noted at the FTC conference, information available for sale on the dark web is up to 20 times more likely to come from an entity whose breach wasn’t reported in the media. Many of these are smaller retailers, restaurant chains, medical practices, school districts, etc. In fact, most of the breaches the U.S. Secret Service investigates involve small businesses.

There’s another way that data breaches injure us all. Identity theft and fraud have become go-to methods for funding criminal activity in the U.S. and around the world.

And all of this data links back to a real person – your customer – whose life can be adversely affected. Turning their financial affairs into a Gordian Knot is just the start. Some people have had their licenses revoked, been pulled over and arrested, or had criminal warrants issued in their name because of identity theft. When their information is used to commit medical identity theft, even their health could be at risk. Criminals have been known to use stolen data to get medical care or prescription drugs in someone else’s name. When an identity theft victim’s medical records become commingled with a perpetrator’s health information, the consequences could be catastrophic.

What can you and your business do to reduce the risk that information you collect could find its way to the dark web?

It starts with security and continues with your commitment to stick with it. The FTC’s data security page has resources for businesses of any size and sector. If you have customers, employees, or friends who are victims of identity theft, encourage them to report it and get a customized recovery plan at IdentityTheft.gov.

If you or your business have legal questions or concerns regarding disaster preparedness, computer law, privacy, or cybersecurity law matters, contact attorney Jeffrey A. Franklin at Prince Law Offices.

Leave a comment

Filed under Business Law, Computer Law, Consumer Advocacy, Uncategorized

Stick with Security – Part 1

stick_with_security_1When it comes to data security, what’s reasonable will depend on the size and nature of your business and the kind of data you deal with. But certain principles apply across the board: Don’t collect sensitive information you don’t need. Protect the information you maintain. And train your staff to carry out your policies.

The FTC’s Start with Security initiative was built on those fundamentals. Some helpful tips follow.

DON’T COLLECT PERSONAL INFORMATION YOU DON’T NEED.

It’s a simple proposition: If you don’t ask for sensitive data in the first place, you won’t have to take steps to protect it. Of course, there will be data you must maintain, but the old habit of collecting confidential information “just because” doesn’t hold water in the cyber era. Continue reading

Leave a comment

Filed under Business Law, Communications Law, Computer Law, Consumer Advocacy

Stick with Security: FTC Providing Insights on Data Security Practices

ftc_logo_430As part of its ongoing efforts to help businesses ensure they are taking reasonable steps to protect and secure consumer data, the Federal Trade Commission (FTC) is publishing a series of blog posts using hypothetical examples based on lessons from closed investigations, FTC law enforcement actions, and questions from businesses. These new posts will build on the FTC’s Start with Security guide for businesses.

FTC Acting Chairman Maureen K. Ohlhausen pledged earlier this year to be more transparent about the lessons learned from the FTC’s closed data security investigations and to provide additional information for businesses about practices that contribute to reasonable data security, culminating in this “Stick with Security” Initiative.

In the first blog post published July 21, 2017, the FTC highlights some of the themes that have emerged from an examination of closed FTC data security investigations. For example, while news reports might call attention to a data breach, they might not focus on the fact that the company that suffered the breach had encrypted the data, which substantially reduces the risk of consumer injury (and legal liability). Another lesson gleaned is that security researchers’ valuable work can alert us to new vulnerabilities, but sometimes the risk of a vulnerability being exploited to cause consumer injury is more theoretical than likely. Another key lesson is that in almost every closed case, the entities involved used the same common-sense security fundamentals outlined in the FTC’s Start with Security guide for businesses.

If you or your business have questions or concerns regarding fraud, computer law, privacy, or cybersecurity law matters, contact attorney Jeffrey A. Franklin at Prince Law Offices.

Leave a comment

Filed under Business Law, Communications Law, Computer Law, Consumer Advocacy

FTC Cybersecurity Roundtables with Small Businesses

The Federal Trade Commission (FTC) is hosting small business owners in a series of public roundtables across the United States to discuss the most pressing challenges small businesses face in protecting the security of their computers and networks.

Engage, connect, protect - small business & data security roundtablesThe Engage, Connect, and Protect Initiative: Small Business and Data Security Roundtables are part of an ongoing initiative by Acting FTC Chairman Maureen K. Ohlhausen aimed at helping small businesses, which included the launch of a new website in May focused on helping small business owners avoid scams and protect their computers and networks from cyberattacks. There are more than 28 million small businesses nationwide, employing nearly 57 million people, according to the Small Business Administration (SBA).

“The FTC has been a leader in guiding businesses of all sizes on how to protect the data in their care,” Acting Chairman Ohlhausen said. “Companies with only a few employees face unique challenges when it comes to cybersecurity. We’ll use what we learn in the roundtables to tailor our practical resource materials for small businesses.”

The first roundtable event will take place July 25 in Portland, Oregon, in partnership with the National Cyber Security Alliance (NCSA), the SBA, and other organizations. This event will be followed by a roundtable discussion in Cleveland, Ohio, on September 6, hosted by the FTC and the Council of Smaller Enterprises and in collaboration with the SBA. Another roundtable event will take place later in September in Des Moines, Iowa, sponsored by the NCSA.

The roundtables will bring together FTC staff along with the SBA and other federal partners, industry associations, and the small business community. The comments and feedback generated by the roundtables will be used to help the FTC and its partners provide additional education and guidance for small business owners on cybersecurity issues.

If you or your business have questions or concerns regarding fraud, computer law, privacy, or cybersecurity law matters, contact attorney Jeffrey A. Franklin at Prince Law Offices.

Leave a comment

Filed under Business Law, Communications Law, Computer Law, Consumer Advocacy, Energy Law