Beware of “Can you hear me?” phone scam

Source: Article by Kathy Kristof of CBS News (http://www.cbsnews.com/news/beware-new-can-you-hear-me-scam/); accessed 31 January 2017.

The public are being warned about this latest phone scam, the “can you hear me” con. It is actually a variation on earlier scams aimed at getting the victim to say the word “yes” in a phone conversation. That affirmative response is recorded by the fraudster and used to authorize unwanted charges on a phone or utility bill or a stolen credit card. Once they have the recorded “yes,” they say that you have agreed to something.

So you may be asking how you can be charged if you don’t provide a payment method? The fraudster already has your phone number, and many phone providers pass through third-party charges. Additionally, the fraudster may already have some of your personal information such as a credit card number or utility bill (possibly as the result of a data breach). When you dispute the charge, they can say that they have your consent on a recorded call.

What can you do? Kathy’s article (http://www.cbsnews.com/news/beware-new-can-you-hear-me-scam/) suggests the following:

If you suspect you have already been victimized, check your credit card, phone and cable statements carefully for any unfamiliar charges. Call the billing company — whether your credit card company or your phone provider — and dispute anything that you didn’t authorize on purpose. If they say you have been recorded approving the charge and you have no recollection of that, ask for proof.

If you need help disputing an unauthorized credit card charge, contact the Federal Trade Commission. If the charge hit your phone bill, the Federal Communications Commission regulates phone bill “cramming.”

If you have not yet been victimized, the best way to avoid telemarketing calls from con artists is to sign up for a free blocking service or simply let calls from unfamiliar numbers go to your answering machine. Scammers rarely leave a message.

If you do answer a call from an unfamiliar number, be skeptical of strangers asking questions that would normally elicit a “yes” response. The question doesn’t have to be “can you hear me?” It could be “are you the lady of the house?”; “do you pay the household telephone bills?”; “are you the homeowner?”; or any number of similar yes/no questions. A reasonable response to any of these questions is: “Who are you, and why do you want to know?”

If the caller maintains they are with a government agency — Social Security, the IRS, the Department of Motor Vehicles or the court system — hang up immediately. Government officials communicate by mail, not phone (unless you initiate the call). Many con artists use the aegis of authority to convince you to keep talking. The longer you talk, the more likely you are to say something that will allow them to make you a victim.

Attention Android Device Owners: Do not use “CAC Scan” app

CAC Scan1From the Information Protection office at Barksdale AFB:

There is a new app available in the Google Play store for Android devices called “CAC Scan.”

DO NOT USE THIS APP!

The app is designed to scan the bar code on the front of a military CAC and provide you a read out of the personal data including the name, SSN, DOD ID number, etc.   And yes, it works.   A little research shows the app developer is an American most likely associated with U.S. Army (either active duty, gov or CTR) and lives in the US.CAC Scan2

Several disturbing questions remain:

  1. When you scan your (or someone else’s) CAC, where else does the data go; i.e., who else gets a copy of the results?
  2. Why would you need this app? You already know your personal info on your CAC… who’s info are you trying to obtain and why?

We cannot see any valid reason to use this app and the ‪‎OPSEC/privacy implications are disturbing. It could be used to compromise PII on unsecured or stolen CACs.  All the more reason to ensure we properly secure our CACs.

 

Please use EXTREME CAUTION when downloading and using any app – especially one that deals with your personal information.

For reference:

DoDI 1000.13, January 23, 2014

2. GUIDELINES AND RESTRICTIONS. The guidelines and restrictions of this section apply to all forms of DoD ID cards.

a. Any person willfully altering, damaging, lending, counterfeiting, or using these cards in any unauthorized manner is subject to fine or imprisonment or both, as prescribed in sections 499, 506, 509, 701, and 1001 of title 18, United States Code (U.S.C.) (Reference (u)). Section 701 of Reference (u) prohibits photographing or otherwise reproducing or possessing DoD ID cards in an unauthorized manner, under penalty of fine or imprisonment or both. Unauthorized or fraudulent use of ID cards would exist if bearers used the card to obtain benefits and privileges to which they are not entitled. Examples of authorized photocopying include photocopying of DoD ID cards to facilitate medical care processing, check cashing, voting, tax matters, compliance with appendix 501 of title 50, U.S.C. (also known as “The Service member’s Civil Relief Act”) (Reference (v)), or administering other military-related benefits to eligible beneficiaries. When possible, the ID card will be electronically authenticated in lieu of photographing the card.

h. An ID card shall be in the personal custody of the individual to whom it was issued at all times. If required by military authority, it shall be surrendered for ID or investigation.

Title 18 U.S.C.

Section § 701. Official badges, identification cards, other insignia. Whoever manufactures, sells, or possesses any badge, identification card, or other insignia, of the design prescribed by the head of any department or agency of the United States for use by any officer or employee thereof, or any colorable imitation thereof, or photographs, prints, or in any other manner makes or executes any engraving, photograph, print, or impression in the likeness of any such badge, identification card, or other insignia, or any colorable imitation thereof, except as authorized under regulations made pursuant to law, shall be fined under this title or imprisoned not more than six months.

T-Mobile, Experian Data Breach Exposes Personal Info For 15M Consumers

TMobileExperianBreachHackers have reportedly stolen personal information for around 15 million consumers from a database of T-Mobile customers and applicants that was held by Experian. The compromised data comes from anyone who applied for a T-Mobile account after Sept. 1, 2013 and before Sept. 16, 2015.

Anyone who applied for a new contract or financed a phone through T-Mobile in the last two years should keep a vigilant eye on their bank and card accounts.

Read the full article for details on Consumerist.com.

Visit our Identity Theft page for ways to protect yourself and your family members.

 

Tips to Avoid Being a Victim of Tax Identity Theft

456932192_89f66d45c6This week is Tax Identity Theft Awareness Week. Tax identity theft happens when someone files a fake tax return using your personal information — like your Social Security number — to get a tax refund or a job. Here are some tips to help you lessen the chance you’ll be a victim and learn what to do if you are.

Tip #1:  File early in the tax season — if you can — to get your refund before identity thieves do. When you file, make sure you use a secure internet connection or mail your tax return directly from the post office to make it more difficult for thieves to get their hands on your personal information. Learn more at ftc.gov/taxidtheft and irs.gov/identitytheft.

Tip #2: What should you do if you think your Social Security number has been stolen? Or if you get a letter from the IRS saying more than one tax return was filed in your name, or that IRS records show wages from an employer you don’t know? Call the IRS Identity Theft Protection Specialized Unit at 1-800-908-4490. Report the fraud and ask for IRS ID Theft Affidavit Form 14039.  If you are a tax identity theft victim, the IRS may give you a personal PIN number to verify your identity and protect your file going forward. Learn more at ftc.gov/taxidtheft and irs.gov/identitytheft.

Tip #3: Have you heard about IRS imposters? Tax scammers posing as the IRS call and say you owe taxes, and threaten to arrest you if you don’t pay right away. They might know all or part of your Social Security number, and they can rig caller ID to make it look like the IRS is calling. Before you can investigate, they tell you to put the money on a prepaid debit card and tell them the card number. The IRS won’t ask you to pay with prepaid debit cards or wire transfers, and won’t ask for a credit card number over the phone. If the IRS needs to contact you, they will first do it by mail. If you have any doubts, call the IRS directly. Learn more at ftc.gov/taxidtheft and irs.gov/identitytheft.

Tip #4: Here are some other tips to lessen the chance you’ll be a victim of tax identity theft:

  • Always protect your Social Security number or Medicare card number: don’t give it out unless you have to, and always ask why it’s needed, how it’s going to be used, and how it will be stored.
  • Shred old taxes returns you’re no longer required to keep, as well as draft returns, extra copies, and calculation sheets.
  • Ask for recommendations and research tax preparers before you turn your personal information over to them.

Tip #5: Once tax identity thieves have your Social Security number and personal information, they can use them to commit other forms of identity theft, such as opening new financial accounts in your name. For steps you can take to deal with identity theft, go to ftc.gov/idtheft. Also remember to check your credit report annually. It’s free at annualcreditreport.com.

Freedom Stores to provide over $2.5 million in refunds and penalties

CFPB_2tone_Horiz400The Consumer Financial Protection Bureau (CFPB) and the Attorneys General of North Carolina and Virginia took action today to protect military servicemembers from illegal debt collection practices. The CFPB alleges that Freedom Stores, Inc., Freedom Acceptance Corporation, and Military Credit Services LLC used illegal tactics to collect debts, including filing illegal lawsuits, debiting consumers’ accounts without authorization, and contacting servicemembers’ commanding officers. The CFPB and the states filed a consent order in federal court to require the three companies and their owners and chief officers, John Melley and Leonard Melley, Jr. to provide over $2.5 million in consumer redress and to pay a $100,000 civil penalty.

Read the full article on the Consumer Financial Protection Bureau’s web site at: http://www.consumerfinance.gov/blog/freedom-stores-to-provide-over-2-5-million-in-refunds-and-penalties/

New Allotment Rule Protects Troops From Lending Scams

DODcBy Terri Moon Cronk, DoD News, Defense Media Activity

WASHINGTON, Nov. 21, 2014 – Defense Secretary Chuck Hagel has directed a policy change in new paycheck allotments to prevent unscrupulous commercial lenders from taking advantage of troops and their families, Pentagon officials said today.

According to a Defense Department news release published today, effective Jan. 1, 2015, the change in DoD’s Financial Management Regulation will prohibit service members from allotting pay to buy, lease or rent personal property, a senior DoD official said.

Improving Protection for Service Members

According to the release, this policy change will eliminate that aspect of the allotment system most prone to abuse by unscrupulous lenders that prey on service members.

This will significantly improve protections for all service members and their families, while not significantly reducing the flexibility to use allotments for a number of legitimate purposes, the release reported.

New Allotment Changes

DoD officials said that while existing allotments are not affected, service members will no longer be able to make allotments for the following types of purchases: READ MORE on Defense.gov…