Protect Yourself from Summer Vacation ID Theft Threats
Vice President and ID Theft Practice Leader
Identity theft could be the number one threat to your family's summer vacation in 2017 as ID theft criminals and fraudsters target parents and children.
Unfortunately, one of the first summer vacation ID theft threats is the use of social media and an endless trail of photos and updates while on vacation. This enables ID-theft criminals by telling them the best time to rob your home - because you're away. Where possible, you should turn off your location settings and delay the posting of your vacation photos until you return home, especially if those photos contain geographical information (geotagging).
A second summer vacation threat includes scams such as phishing, including websites promoting free vacations, financial institution phishing (fake bank websites), fake job phishing (fake job offers) and voice phishing (fake caller ID and fake customer service representatives calling you pretending to be with companies you have a relationship with).
A third summer vacation threat includes credit and debit card skimming where your credit and debit card transactions continue to be a primary target for ID Theft criminals. In particular, I have listed below four types of skimming fraud that you and your family should be aware of, especially as your travel away from home on summer vacation:
- Pay-at-the-Pump Skimming - unlike ATM skimming devices which are attached to the outside of the ATM on the card reader, Pay-at-the-Pump skimming devices can be placed inside the gas pump unbeknownst to the gas station/convenience store and the customer. Unfortunately, ID Theft criminals are aware that all gas pumps have a universal key which provides easy access to the card readers inside. This allows the ID Theft criminal access to install a skimming device between the card scanner and the computer/control board.
- ATM Skimming - unlike Pay-at-the-Pump skimming devices, financial institution ATM requirements include unique keys and codes for service and maintenance. However, law enforcement has documented multiple methods of ATM Skimming where ID Theft criminals replace PIN pads on branch lobby ATMs with manipulated devices that collect card details and PIN's as customers use their cards. Law enforcement has also reported on how ID Theft criminals attach a skimming device and a pinhole camera just above the keypad of an ATM so while the skimmer collects credit / debit card information, the camera captures the associated PIN number.
- POS (Point-of-Sale) Skimming - happens when a POS credit card reader is breached by the ID Theft criminal by attaching a small skimming device inside the card reader. The skimmer then stores all information for every credit card that is processed through the card reader. Specific to debit cards, the skimmer can even record the PIN number.
- Magnetic Card Reader Skimming - this happens when ID Theft criminals take your card away from you and then bring it back after they have received authorization for a specific transaction (e.g. at a restaurant). Your risk of ID Theft and credit / debit card fraud happens when your card is out of your sight and a dishonest employee or independent contractor swipes it through a card reader that stores the information from the magnetic strip allowing for the creation of a fraudulent credit / debit card.
Examples of industry groups where this can happen include hospitality (e.g. restaurants, bars, hotels, and sports events) and healthcare (e.g. emergency rooms and drive though pharmacies).
As a reminder, ID theft is more than a financial event. ID theft can also be non-financial such as credential ID theft (driver's license, passport, employer ID, and student ID); medical ID theft (medical and pharmacy benefits); tax payer ID theft and refund fraud (along with government and social security benefits); and your children and employment.
Lastly, here is an ID-theft vacation checklist for you to share with family and friends:
- U.S. Postal Service mail should be put on hold, or arrange for your mail to be collected by a trusted family member or friend.
- Newspaper deliveries should be put on hold or designated for charity.
- Schedule on-site house or apartment visit by a trusted family member or friend.
- Use just one credit card and one debit card to minimize risk.
- Password-protect your smartphones, laptops and other electronic devices.
- Pay cash at gas stations or use your credit/debit card inside to minimize the risk of credit/debit card skimming.
- Do not let your debit card out of your sight as unscrupulous servers can skim your card without your knowledge.
- Use caution with wireless Internet connections; most Wi-Fi networks are not secure.
- Keep your receipts and reconcile them with your credit and debit card statements.
- Never leave documents such as registration/insurance in the glove compartment when valet parking.
- Use hotel safes and/or room safes to secure valuables while you are outside your hotel room.
- Call your financial institution and credit card company to let them know the dates of your family vacation, as they will monitor your accounts for irregular activity and unauthorized transactions.
To learn more about these threats and how to protect yourself and your family from Identity Theft, you can read my past newsletters at the Merchants Identity Theft Educational Website at www.idtheftedu.com.
SCAM ALERT: Creepy Email Con Claims to Be Watching You Online
Before you open an email there are a few things you need to look for.
This Email Scam Has Your Name, Address… and a Virus Attached
A new email con tries to trick recipients into downloading a malware-infected attachment. Sounds standard, right? It is, except this con has their targets' names and addresses, and claims to be monitoring their behavior online.
How the Scam Works:
You receive an email informing you that you've been caught performing fraudulent activities online. One version claims you've been using PayPal to illegally transfer funds. The accusation is false, of course, but the email has your real name and address (although targets report that the address is frequently out of date).
The email's author warns that someone has been monitoring your online activities and collecting evidence to take to the police. Luckily, the scammer has attached the incriminating evidence to the email, so you can see it and respond. How kind!
No matter how curious you are, don't download the file! The attachment adds malware to your device, which scammers then use to capture passwords or hunt for sensitive information.
How to Spot an Email Scam:
- Be wary of unexpected emails that contain links or attachments. Do not click on links or open files in unfamiliar emails.
- Check the reply email address. One easy way to spot an email scam is to look at the reply email. The address should be on a company domain, such a "firstname.lastname@example.org".
- Don't believe what you see. Just because an email looks real, doesn't mean it is. Scammers can fake anything from a company logo to the "Sent" email address.
- Consider how the organization normally contacts you. If an organization normally reaches you by mail, be suspicious if you suddenly start receiving emails or text messages without ever opting into the new communications.
- Be cautious of generic emails. Scammers try to cast a wide net by including little or no specific information in their fake emails. Be especially wary of messages you have not subscribed to or companies you have never done business with in the past.
For More Information:
For more information on avoiding scams, go to bbb.org/avoidscams.
Learn more about scams using PayPal's name, check out this FAQ.
NOTE: PayPal is a BBB Accredited Business.
Courtesy of the Better Business Bureau - for more information visit http://www.bbb.org/phoenix/news-events/
If you believe your identity has been stolen, call 866.SMART68 today.