id theft

The Story Behind the Sonic Breach

/ destinationscreditunion / Leave a comment

It’s been a rough go of things when it comes to the security of debit and credit card as sonicwell as personal information. The massive Equifax breach has already left many Americans feeling unprotected and insecure while Yahoo experienced yet another breach soon afterward. To top it all off, the popular burger chain Sonic Drive-in announced in late September that its payment portals had been compromised.

Experts estimate that information for millions of cards was hacked from the nearly 3,600 Sonic locations across 45 states. The card numbers and details are now up for sale on the darknet.

Here’s what you need to know about the latest in a long line of nationwide security breaches:

What happened?

The breach became a reality when Sonic’s card processing company reported “unusual activity” on a large number of cards that had been recently used at Sonic. Further investigation uncovered a tremendous data breach with the potential to affect millions of consumers.

Sonic utilizes a single point-of-sale system that is deployed at the majority of its locations. Using sophisticated malware, hackers were able to access the system. The malware copied the information on every card that was swiped in the payment terminal, and then sent it back to the hackers.

The hackers then put this information up for sale online, where buyers can use the card details to rack up huge bills, empty accounts or even steal victims’ identities.

While Sonic was quick to share this basic information with the public, it can be months before more details are known and shared with concerned customers.

This breach is similar to the one that hit Wendy’s last year, lasting nine months and affecting 300 restaurants. It took that long to determine the issue and resolve it because many of Wendy’s locations are franchises. Approximately 90% of Sonic’s joints are franchises as well, thus adding to the delay.

Who was affected?

Anyone who’s used a debit or credit card at any of Sonic’s locations during the last year may have been a victim in the breach. It is still unclear exactly how many customers were affected by the breach, though it is estimated that there may be as many as five million victims in this malware attack.

While most cards with compromised info were linked to activity at one of Sonic’s locations, it is possible that other companies’ security systems were also breached.

How did Sonic react to the attack?

Sonic has announced that it will offer all customers 24 months of complimentary fraud protection through Experian’s IdentityWorks program.

Sonic was also quick to hire third-party forensic experts to help investigate the attack and identify the hackers. They have also promised to research ways for improving their current system to better protect customers in the future.

How can you protect yourself from this and all future data breaches?

1.)   Find out if you were affected: If you’re a regular, or even an occasional, Sonic customer, find out if you were affected by the breach. Review your recent account information on all your cards. If you spot suspicious activity, alert your card issuer and place a freeze on your account. You can also place a fraud alert with the credit bureaus. This will warn creditors that you’ve recently been targeted in a hack, alerting them to verify that anyone seeking credit in your name is actually you. Lastly, accept Sonic’s offer of two years of free fraud protection.

2.)   Use fraud protection: Even if you haven’t been affected by this breach, it’s a good idea to sign up for fraud protection. These services don’t usually come free, although, in light of its recent data breach, Equifax is now offering a full year of protection with their TrustedID program, free of charge. Fraud protection services will ease the stress of monitoring your credit for fraudulent activity and unusual behavior.

3.)   Monitor your accounts: It’s always wise to keep a sharp eye on your money – and that means more than just checking that your wallet is safe. Review all checking account activity several times a week to determine whether your account information or debit card has been hacked or stolen. Also, never throw away a credit card statement without carefully reviewing it to be sure every transaction belongs to you. Additionally, it’s wise to shred such paperwork rather than throwing it in the trash. Finally, request a credit report from the three major credit reporting agencies once a year to see if anyone is using your name to rack up a huge bill or take out a generous loan.

4.)   Set up alerts: You can receive notice about suspicious activity almost as soon as they happen by signing up for alerts. Place a maximum transaction amount on your credit and debit card so a thief won’t get away with a huge purchase. You can also limit your transactions to a specific area or region of the country so long-distance hacking won’t work.

Your Turn: How do you protect yourself from data breaches? Share your best tips with us in the comments!

SOURCES:
https://thepointsguy.com/2017/09/credit-card-security-breach-sonic/ 
https://www.google.com/amp/s/amp.usatoday.com/story/708850001/  https://www.google.com/amp/s/www.cnbc.com/amp/2017/10/04/sonic-shares-dip-on-news-of-payment-breach.html 
https://www.google.com/amp/s/amp.businessinsider.com/report-sonic-security-breach-could-affect-millions-2017-9

Equifax Breach: What Happened And How Can You Protect Yourself?

/ destinationscreditunion / Leave a comment

On September 8, 2017, Equifax, one of the major credit reporting agencies, announced a 8480c-hackerbreach from mid-May through July 2017.  During this period, hackers accessed people’s names, social security numbers, birth dates, addresses, drivers license numbers, and credit card numbers.

Equifax has set up a Web site — https://www.equifaxsecurity2017.com — that anyone concerned can visit to see if they may be impacted by the breach. The site also lets consumers enroll in TrustedID Premier, a 3-bureau credit monitoring service (Equifax, Experian and Trans Union) which also is operated by Equifax.

According to Equifax, when you begin, you will be asked to provide your last name and the last six digits of your Social Security number. Based on that information, you will receive a message indicating whether your personal information may have been impacted by this incident. Regardless of whether your information may have been impacted, the company says it will provide everyone the option to enroll in TrustedID Premier. The offer ends Nov. 21, 2017.

In addition, you should closely monitor your accounts with financial institutions.  At Destinations, you can set up a “code” word that you will be asked whenever you call in to perform a transaction.  To do that, log into your Online Banking and go to “Info Center” –> “Personal Information” and click the Edit button.  This will allow you to add a code word.  As an additional security measure, you will receive a message in the e-mail you have on record with Destinations to notify you that personal information has been changed.

As always, you should get your free credit reports from all three credit bureaus at least annually.  You can get them all at once or request each at different times of the year.  To get your free credit reports, go to annualcreditreport.com to get yours.

Beware Of WannaCry Ransomware

/ destinationscreditunion / Leave a comment

On Friday, May 12, an unprecedented Trojan virus spread like wildfire through the 8480c-hackerinternet, creating enormous damage and loss.

The WannaCry ransomware attacked 57,000 computers in more than 150 countries in less than a day.

As its name implies, ransomware works by holding a victim’s data under “ransom.” The virus encrypts the files on an infected computer and holds those files hostage unless the victim pays a ransom, in which case the files are promised to be returned, unharmed.

The WannaCry virus demands a payment of $300 in exchange for decrypting infected files. If the victim doesn’t cough up the money within three days, though, the ransom doubles to $600. If a full week goes by without payment, WannaCry deletes all of the files and they are gone forever.

On Saturday, 22-year-old security researcher Marcus Hutchins became an instant hero when he registered a domain name within the virus’ code in an attempt to track its spread, unintentionally slowing its progress.

Unfortunately, though, Hutchins’s actions did not completely halt the virus. By Monday morning, more than 200,000 systems across the globe were reportedly infected. European countries were hit the hardest. Many large companies were forced to close their doors for several days, as were banks, hospitals and government agencies.

As of now, no one is sure who’s behind the virus. However, most experts believe a group known as “The Equation Group” is utilizing a code written by the National Security Agency to exploit flaws in Microsoft Windows and create the virus.

There is no fix for WannaCry, though cyber-security experts are hard at work trying to decrypt infected files. If your computer is infected, it’s best not to pay the ransom. Instead, restore backup files to your computer or seek help from a professional who specializes in restoring lost data. Paying the ransom doesn’t guarantee the return of your files, and it encourages attackers to infect your computer again.

As always, the best way to protect yourself is to be proactive. Here are 5 steps you can take to keep your computer safe from WannaCry and other ransomware:

1.) Create a backup of your files

If you haven’t already done so, invest in an external hard drive and get into the habit of making regular backups of your data. This will protect your files in case anything happens to your computer, saving you lots of time, money and stress.

You can also subscribe to a cloud backup service and regularly upload your most important data. There are multiple free cloud services you can use, such as Google Drive, Apple iCloud or Dropbox. All of them will store your valuable data (to a size limit) without charging you a penny.

2.) Patch your Windows with Microsoft’s fix

Upon discovering that WannaCry spread through a weakness in Microsoft Windows, the software giant released a fix for the vulnerability. Protect your computer from this virus and other ransomware by using the fix to strengthen your computer’s code.

3.) Update your operating system

While the discovered weakness in Windows now has an appropriate band-aid, no one knows if there are any other flaws that can be exploited for another virus. It’s important to update your OS to the most recent version, preferably to Windows 10, as soon as possible. The more updated your software, the less likely it is that it contains vulnerabilities that can be abused.

4.) Use a firewall

A strong firewall will prevent ransomware from accessing your computer and will guard your online activity. No program or malware will be able to enter your system without your full consent.

Since malware is always evolving, it’s important to update your firewall on a regular basis to ensure protection from the most recent viruses and malware. You can purchase your own firewall or utilize available security measures offered by Windows, being sure to check regularly for updated versions.

5.) Avoid suspicious websites and emails

It’s too easy for hackers to infect your computer. All they need is for you to click on a flashing banner ad on your favorite shopping site and – oops! Malware is installed and it now has access to your entire computer and all your files.

Alternatively, following a link on a random email can infect your computer and destroy all your data. When browsing and checking your emails, always be on guard. Never visit suspicious-looking sites or click on any ads that look shady. Don’t download anything you can’t explain, and never click on links found in emails from people or companies you’re not familiar with. A little bit of caution goes a long way toward protecting your computer.

No one knows when WannaCry will stop circulating the web, but it always pays to be careful. Once you’re infected, restoring your data can be stressful, time-consuming, and costly. Taking steps to protect yourself, though, is painless and simple. By implementing the ideas detailed above, you’ll help keep your computer safe from this and any other ransomwares looking to make a buck off your carelessness. Better to be smart and safe than sloppy and sorry!

Your Turn:What security measures do you take to protect your computer from viruses? Share your best tips with us in the comments!

SOURCES:

http://bgr.com/2017/05/15/wanna-cry-ransomware-virus-windows-wannacry-explainer/ 
http://money.cnn.com/2017/05/13/technology/ransomware-attack-protect-yourself/ 
https://www.google.com/amp/s/www.purevpn.com/blog/how-to-protect-from-ransomware/amp/ 
https://www.google.com/amp/www.bbc.co.uk/news/amp/39920141 
https://www.google.com/amp/amp.usatoday.com/story/101690214/  

Get These Things Out Of Your Purse Or Wallet Now!

/ destinationscreditunion / Leave a comment

Your wallet can become a lot like a junk drawer you carry around. It’s cluttered with loyalty cards, coupons, cash, checks, store credit cards, credit cards for gas, credit cards for everyday purchases and a host of identification cards. That much bulk can make your wallet or purse a serious hassle to carry. Even worse, though, you may be setting yourself up for identity theft.

Even though it’s all packed into one place, if it is stolen, each item has to be accounted for individually. Forget even one and you set up a thief to take your credit for a ride. That’s why it’s a good idea to give your purse or wallet a good once over. Look for things you don’t regularly need and store them in another location for use when you do need them.

There are also things you should never carry in a purse or wallet. If you see these items as you’re trimming down your daily carry, take them out immediately.

1.) Your Social Security card

There are only a few times when you absolutely need your Social Security card. If you’re starting a new job, opening a new account or applying for some kinds of government benefits, bring the original card. It’s easy enough to stuff the card into your wallet or purse for one of these occasions and then forget about it.

That could be a big mistake. Thieves can use your original Social Security card to apply for all kinds of unsecured debt in your name. Canceling your Social Security number and getting a new one is a complicated, time-consuming process, and you may be liable for the fraud that’s committed before you complete it. Having your Social Security card stolen is one of the worst things that can happen as far as your personal information is concerned. Keep yourself safe, and get the card out of your wallet! Put it in a secure location in your home, like a lockable desk drawer, file cabinet or safety lock box.

2.) Receipts

This is by far the easiest way to accumulate paper in your wallet. Every single purchase generates a tiny slip of paper. Because you never know which might be needed later, you stick them all into your wallet or purse. Before you know it, you’ve got a novel-sized stack of transactions.

This could be serious trouble if your purse or wallet is ever stolen or lost. While regulations prevent retailers from printing more than the last four digits of your credit card number on a receipt, that could be enough for someone to start building a profile of your purchases, especially when used with the rest of your wallet, like your driver’s license. Thieves can use the last four digits of your card number to fish for more information with a merchant who has the card on file, like a cable company or an online retailer. While they may be caught once you report the card stolen, they’ll have all of the time in between to rack up charges.

If you’re in the habit of using receipts to track your purchases, think about going paperless. Use one of the dozens of mobile scanning apps to turn your phone into a digital filebox. This information can be encrypted to keep it out of the hands of malicious people, but still accessible to you if you need to check a purchase or balance your account.

3.) Tons of credit cards

Every store offers its own card and usually offers incentives to use it, too. Whether it’s a purchase discount or cash back, retailers really prefer to keep their credit card processing in-house. If you shop at a few of these stores, those cards can really add up. Tack on an extra couple of cards for gas purchases, everyday expenses, and work-related stuff, and you could easily end up with a wallet or purse chock full of plastic.

If your wallet or purse is stolen, though, each one of those cards has to be canceled individually. Forgetting even one can put you on the hook for hundreds or thousands of dollars of purchases. It’s best to thin your collection down to the one or two you use regularly. Look for those that can be widely used, provide the lowest fees and best acceptance rates. Put the rest of them into a safe place at home, using them only when you need them.

Once you’re down to your top cards, make a list of their numbers and the steps you’d need to take to cancel them if necessary. Put it next to your Social Security card in a safe place. That way, you know exactly what cards to cancel!

YOUR TURN: It’s time to think about what’s tucked into your purse or wallet. What items make your “essential carry” list and what can you safely leave behind?
SOURCES:

https://blog.mint.com/how-to/whats-in-your-wallet-and-how-can-you-clean-it-out-0214/

http://www.creditcards.com/credit-card-news/9-things-to-know-about-credit_card-receipts-1273.php

https://www.gobankingrates.com/personal-finance/things-never-keep-wallet/ 

IRS Scams 2016

/ destinationscreditunion / Leave a comment


Every year, the Detroit Auto Show brings in visitors from around the world to see the newest models from major car manufacturers. The Consumer Electronics Expo gives us a chance to see all the new gadgets that will be on our wish lists come holiday time. Penny Arcade Expo unveils the year’s new video games that our teenagers will be using to ignore their homework. For those of us who spend our days protecting other people’s money, January is the time of year we get to see the newest makes and models of IRS scams. 

That’s right, they’re back. Scammers are using tax time to take advantage of the unwary, and much like the newest Ford at the auto show or yet another iteration of the Madden video game, all of the hype is kind of disappointing, because this year’s models look so much like last year’s. What happened to innovation? 

So let’s take a look at the “new and improved’ 2016 lineup of IRS scams. Of course, it’s important to remember that innovation can happen at any time, so just because something isn’t listed below, it does not mean it’s not a scam. If you have any suspicion you’re dealing with a scam, hang up, call the IRS or send an email to the Federal Trade Commission (FTC). Caution is your best approach. 

The telephone scams 

Up first is one of the oldest scams in the IRS scam lineup. You get a phone call from someone claiming to be from the IRS and claiming you owe money. They insist that if you don’t pay right now, you’ll go to jail. You might recognize this one as a variation on a grandparent scam or Nigerian Prince scam, but if not, the process is simple: You don’t owe the money and the scammers are trying to get you to give them money they don’t deserve. 

If someone calls you claiming to be from the IRS, even if your caller ID says “IRS” or the like, hang up and call the IRS. If it’s legitimate, then you will be able to find out from the IRS. If not, you’ll find out right away. Remember, you have a right to an attorney, you can have your accountant present if you’re being audited, and you have the right to due process no matter the charge. Don’t ever assume you have to pay anyone right away just because they called you and demanded payment. 

The email scam 

One newer variation of the telephone scam is an email version carrying the same threat, but asking for much less money. This is a traditional phishing scam in which scammers ask for a modest sum that’s payable online. Their hope is that you’ll see a small amount, compare it to the terrible consequences they’re threatening, and pay to make it go away. After all, who wouldn’t spend $50 or $100 to make the IRS go away? Unfortunately, though, you won’t be entering your financial info on a secure site that’s provided by the IRS. You’ll be entering your info on a dummy site that’s set up by scammers to grab your credit card or checking account information. They’ll in turn use that info to rack up all sorts of fraudulent charges. 

As a rule of thumb, never, ever, follow the link in an email to a site where you may be asked to enter financial information.  If you have an email from the IRS, see if you can find your account by going directly to the IRS website.  The same is true for eBay, Amazon, and other retailers that scammers love to impersonate. Yes, it’s easier to follow a link than it is to find the right page on your own, but scammers are counting on that.  A few clicks could save you thousands of dollars. 

The tax preparer scam 

The final variation of this scam is the tax preparer phishing email scam. In this one, the goal is the same as the variation described above. Instead of impersonating the IRS, they’re impersonating a tax preparer. They’ll likely have some authentic-looking credentials, which are fake, and assure you everything’s alright, but you need to update your info on the IRS’ e-file page. The problem is, the link in the email doesn’t take you to the IRS’ page. It takes you to … you guessed it! A dummy page that looks like an IRS page but actually captures the financial information you enter. 

Don’t be a victim. Always follow through with an extra phone call or email. Don’t follow links that are provided in emails and don’t assume that a webpage that looks OK must be OK. It’s tax time, the time of year where we get a national math test, and math tests are stressful for everyone. Scammers know that and they prey on it. 

If you suspect you’ve been the victim of identity theft, let us know. The sooner we know, the more protection we can offer. Also, file a complaint with the FTC and alert one of the major credit bureaus.

Sources:

https://www.irs.gov/uac/Tax-Scams-Consumer-Alerts

Rogue Access Points

/ destinationscreditunion / Leave a comment


We’ve all been there.  It’s been a long day of shopping at the mall, or waiting in an airport, or driving across the country, and we finally get a chance to pull out our phones or laptops and look for WiFi. Good news: You’ve found one that doesn’t require a password!  Free WiFi saves the day. You click accept and head to your favorite place to watch videos of kittens, or whatever people normally do on the Internet … we mostly watch kittens.

There’s just one problem: what if that free WiFi was a trap?  One of the cleverest phishing scams out there right now is built on the lure of free WiFi using rogue access points, and it has enough variations to stay ahead of the security teams at Apple, Samsung, Microsoft and our own security for one simple reason: The soft spot in your security is you. 

Here’s how phishing on rogue access points works:  The scammer will set up a wireless router offering free Internet, often marked “Free WiFi,” “ATT WiFi,” or “Starbucks.”  Would you be suspicious of those networks?  Many people just look for the strongest “free” network, while most of the rest of us look for a name we trust.  How paranoid do you have to be to not connect to Starbucks WiFi at the mall?  Once you connect, though, they have a variety of ways to get any information they want off your phone or laptop. 

Even scarier, some scammers are using programs that tell your phone that the name of the free wireless available from the scammer’s router is whatever name your phone is looking for, so it can even connect automatically while in your pocket.  You can get phished over your phone just by walking in the wrong area. 

Once you’re on their network, they have a variety of ways to steal your info, from just grabbing your session cookies to using keystroke monitors to get logins and passwords, to the traditional phishing technique of creating dummy sites that look like Facebook or major credit card websites to prompt you for your info. 

Here’s what you can do to stay safe: 

  1. Turn off your WiFi unless you’re at home or work.  I know, I know. The only thing worse than mobile network data speed is mobile data network pricing.  Well, maybe mobile network customer service. Unfortunately, all that WiFi you grab every day can be dangerous.  Even if you’re not running into rogue access points, you’ve still got to hope that the coffee shop or burger joint actually pays attention to the security of their wireless router, which few even think to do.  Even those businesses that do think about security rarely spend money on it – rarely are they bringing in a professional. No, they’re asking a minimum wage employee to “take care of it” because “you’re young and good at computers.”  On a related note, isn’t it odd that coffee shops don’t spend more time thinking about their WiFi?  Isn’t that a core business at this point? 
  2. Even then, make sure your home and work WiFi are safe. Endpoint security, like Norton antivirus, is not as effective as it once was, simply because there are so many more points of vulnerability than there were a few years back.  We’ll have an extended look at securing your WiFi network in a future installment, but for today, set up your password with WPA2 Enterprise encryption.  If your router does not support it, it’s time for a new router. 
  3. Rename your home network something like “This Public WiFi is UNSAFE.”  It might sound weird, but if a scammer tries to use software to tell your phone the name of his network is the same as your home network, your phone will tell you it’s connected to “This Public WiFi is UNSAFE” and you can get off of it. 
  4. Apps are your friend.  Most apps, including ours, use HTTPs security, rather than HTTP. This can actually stop some of the tactics many scammers use.  Remember, they don’t want to beat the best security; they want to do as little work as possible and beat those unwary souls who rely on the worst security.  A simple step up is enough to keep many scammers at bay. 
  5. Get an app that prevents rogue access.  Depending on your operating system (OS), you have different options, but search your app store.  It’s worth the trouble and $4.99. 

Sources:

http://www.wikihow.com/Secure-Your-Wireless-Home-Network      

https://www.reddit.com/r/AskReddit/comments/3v98uz/what_are_the_best_computer_hackers_able_to_do/ 

http://networkengineering.stackexchange.com/questions/123/how-do-you-prevent-rogue-wireless-access-points-on-a-network 
http://www.inc.com/security/articles/200801/accesspoints.html 

Keep Yourself Safe During The Holiday Season

/ destinationscreditunion / Leave a comment

Every year, we hear about the same holiday safety tips – don’t drive tired, don’t drive drunk, assume every other driver is drunk and/or tired, etc. Those are all good ideas to keep in mind year-round. Occasionally, we’ll hear one that’s specific to the season, like how frying turkey in the driveway is as dangerous as it is delicious, and it’s also not something to try while drinking or overly tired. Unfortunately, this time of year is also one of financial dangers, many of which you won’t hear about on the morning news or read about in the paper.  Take some time, read our tips, and hopefully you won’t be a holiday victim. 

Keep an eye on your surroundings – Crowded malls and shopping centers are a savory opportunity for pickpockets.  You’re expecting to get bumped and won’t notice one more jostle in a day full of them.  If you do recognize you’ve been robbed, the thief can probably get away into the crowd, disappearing like a needle in a haystack.  Purses should be worn across the body, wallets kept in the front pocket or inside a closed jacket.  Consider leaving the house with the bare minimum, such as your driver’s license or ID, health insurance card and our debit card – which offers fraud protection and security features not available with cash. 

RFID, RFID, RFID – Today’s pickpockets don’t need to take your wallet to cause you problems, because many modern debit and credit cards emit RFID signals with personally identifying information.  If any of your cards have a chip, then you need to account for them. Check our RFID wallet guide for some tips. In a pinch, you can wrap chipped cards in two layers of aluminum foil, which will offer you protection from high-tech pickpockets, but you may get some bewildered stares or questions from folks at the register.

 

Don’t leave checks in the mailbox – At some point, we all learned not to use those colorful envelopes that tell thieves which cards might have checks in them, but we never learned the next step: Don’t put checks in the mailbox at all.  It’s not hard for thieves to grab stuff out of the outgoing mail, whether it has the power company’s name on it or is shaped like a holiday card.  Drop all checks into a big blue mailbox, bring them into your post office branch, or hand them to your postal carrier in person.  By the way, this tip should be followed year-round, and you might want to consider setting up our online bill pay feature to minimize the number of checks you write, as well. 

Understand the dangers of every form of payment – Every form of payment has its dangers.  Cash is portable and untraceable, so it’s a target for thieves.  Cards without EMV chips are in danger from skimmers built into the card reader at registers (like what happened at Target).  EMV cards can be skimmed by people with specialized equipment who bump up next to you.  All cards, cash and mobile phones are in danger of being stolen.  Some experts are even saying that check fraud will be the most dangerous type of identity theft over the next five years.  Even if you attempt to return to agrarian-era bartering, an enterprising thief could run off with the cow you were going to trade for an Old Navy gift card.

Take a breath, recognize the dangers and take reasonable precautions. Do you know what kind of fraud protection you have on each of your credit cards?  Any card about which you’re unsure needs to stay home until you find out.  Unsure about a small boutique’s cyber security? Bring cash. 
Bring your own bag – Shopping bags are a great way for stores to advertise, but they also advertise to thieves.  “This overburdened, overtired, potentially unwary individual is carrying goods from all of these stores,” the bags say “some may even have receipts in them and might have been paid for with cash.” Don’t make it easier for thieves. Instead, bring a tote bag that zips up if you have one, or your canvas grocery bags if you don’t. 
Take a trip to the car – Carrying too much is asking for trouble.  It makes you less mobile, you’re less likely to feel someone remove an item from your bags, and even if no one hassles you, it’s a good way to end up with back pain.  If you’re enduring a marathon trip to the mall, take time every few stores to take your purchases out to the car. Keep receipts in your wallet and take pictures of the bags you put in your trunk (where thieves can’t see), so even in the worst possible scenario, your car insurance can cover the loss of your shopping from a car thief.
Plus, you’ll have less to carry, you’ll get some exercise, and the cold air can help you clear your head to decide if you need to purchase anything else.  Not a bad way to keep from overspending! 
Buy yourself a holiday drink from the coffee shop – You’re probably safer if you’re alert, but that’s just an excuse.  Holiday coffee drinks are delicious, you want one, and we just gave you an awesome excuse to justify the everyday luxury of a peppermint mocha to yourself.  You’re welcome. 
January is coming, be ready – If you’re going to binge on holiday shopping in December, you’ll need to purge in January.  Keep all of your receipts and do an extra-careful reconciliation of your accounts in January.  Be ready to spend a few afternoons making phone calls to make sure every charge is correct and accounted for.  Make sure to check your credit report in January as well.  While you’re checking your credit and your accounts, take the opportunity to start the new year off right:  you have your financial info gathered already, you have your credit report in front of you and your W-2s are starting to show up, so it’s time to do three things:
  1. File your taxes.  Don’t get mad at us, it’s not our fault.  We’re only reminding you to do it early because you’ll already have most of what you’ll need, so getting your homework done on Friday will give you the rest of the weekend off. And don’t forget to have any refund directly deposited to your Destinations account.
  2. Rework your debt.  You have every one of your credit card and other account statements in front of you, so it’s time to make some calls.  For your higher interest cards, it’s time to pay them down, transfer the balances to a MasterCard at Destinations Credit Union or negotiate a lower rate.  This is easier if you’ve got some cash in hand, possibly from the tax refund you now know you’re getting.  You can also take this time to explore using your home equity to eliminate some of the high-interest cards. 
  3. Set up a Holiday Club for 2016.  Alright, you just saw how much money you spent this holiday season.  Next year, resolve to do it all without taking on unnecessary debt.  You’ll save a ton of money and a ton of stress.  The best way to do that is with one of our Holiday Club accounts.  Use this year’s budget as a guide. Next year will be a breeze.

And that’s it.  It sounds like a lot, but it’s really taking the same level of vigilance you would use for normal shopping and increasing it to correspond with the increased spending of the season.  For a good rule of thumb, maybe we should just establish the “3-Mariah” rule:  Once you hear Mariah Carey’s “All I Want for Christmas is You” for the third time on any day, you have to go home – you’ve either spent too long at the mall, or your brain has been turned into holiday slurry and you can no longer be trusted to remain vigilant.  Three Mariahs and you’re out.

The Google Drive Scam Is Back. Why Do We Share Our Info With Strangers?

/ destinationscreditunion / Leave a comment

In July, a group of phishers used Google Drive to lure unsuspecting people into offering up their personal information. This month, a similar scam involving the online employment service, Monster.com, surfaced using Google Drive as its front.  Isn’t particularly fancy – if you’re a regular reader of this space you’ll know the most effective scams rarely look like the last half hour of “The Sting” or “Ocean’s 11” – but it has been effective.

The scam works by creating a false job offering for which applicants share their resume in the hopes of scoring an interview.  Unfortunately, there is no job. They’re just phishing for data.  The more recent version creates an application on Google Drive, which is shared with the victim, who enters their information manually and often gets malware or spyware in return.  The newer version still steals information in the most low-tech way possible: by getting the victim to fall for a lie. But it also includes the high-tech angle of the malware or other malicious scripts, which can scrape the victim’s computer for data in the future.

Google is working to improve its SSL security (a high-tech security protocol whose weakness is the source of this scam), and has been doing so for most of the year.  The ugly secret regarding the tech giant in 2015 is that, at the same time they’ve been setting records on Wall Street – including the largest single-day jump in a company’s value in the history of the universe – they’ve had real problems with their technology.  In addition to the weakness of their SSL protocol, they’ve sworn to fix the bugginess and slow speeds of their Chrome browser, which was once the definition of sleek speed. They also were publically called out over the summer for the cataclysmic failure of GMail’s spam filter, which was letting significantly more spam through while also marking legitimate messages for deletion.  Those failures, coupled with the unpopular new user interface on several of their iOS products and some bugginess complaints regarding Inbox should leave most readers concerned.

If you can’t trust Google, who can you trust? 

More important than this specific scam or Google’s rough 2015 is the larger question the Google Drive scams have raised.  We regularly share more information online than would normally be prudent, and we often take for granted that a large company must has security that’s top-notch.  We might think back to a customer service issue and assume that a positive experience with one branch of the company reflects positively on the whole operation.  But what do we really know?  Here’s a quick rundown of things that might scare you:

Think about all of the information on your resume.  Does it have your contact info?  Your home address? How much information could be gleaned from it, particularly if a scammer were to place that information next to any other information you may not know they have?  How many times have you shared your resume online?  It may be time to make your resume more secure.

Do you sell on eBay?  Buyers can request the listed email and delivery address for sellers once they make a bid.  If you list a high-value item and your home address is listed, what’s to stop someone from breaking into your home and stealing it? You’re not using your work email, are you?  What’s to stop a buyer from using that address to tell your boss about what you’re selling or raise a complaint about how you handled a transaction?

Are you on a dating website?  Hopefully, the Ashley Madison hack was enough to convince you to protect your data and be careful what you share with strangers.  Unfortunately, most of the conversation around the hack focused on the tawdry details about the site, suggesting a more traditionally moral site could never be hacked.

Remember, Christian Rudder, the founder of OKCupid, wrote an entire book about how valuable the data you provide them is.  His thesis was that he had better data about your behavior than all of the scholars writing about human relationships, because you were honest.  In interviews, the founder of Ashley Madison said the same thing:  No one will be honest about sex or infidelity, so only they understood us with our guards down.  How much is our romantic data worth to scammers?

It’s important to think about what you put online and how you can reveal less of yourself.  It’s also important to make sure you protect yourself if your identity or data gets breached.  If you think you might have been the victim of a scam or online data theft, let us know immediately so we can help you get things back to normal.  The sooner we know, the sooner we can protect you.  You can call us at 410-663-2500.

Sources: 
http://www.npr.org/2014/05/15/312815895/gary-kremen-founder-of-match-com
http://www.bbc.com/news/business-26613909
http://phishing.vcu.edu/2015/10/08/job-application-scam-1082015/
http://www.ibtimes.com/google-drive-hack-phishing-campaign-targets-gmail-users-fake-ssl-encryption-2025926

Your Greatest Strength Might Be Your Greatest Weakness

/ destinationscreditunion / Leave a comment
We’ve all had that moment when we were shopping on eBay at 3 a.m. and spotted the deal of the century -an Omega Speedmaster Moonwatch for just $100? That’s the watch that’s been on the moon! Then we realize the price is too good to be true when we see that our newest find will ship from the other side of the planet and the listing features mysteriously blurry photos that obscure key details. Maybe that Moonwatch spelled Saturday with a “B,” because some scams are really easy to spot.  We’ve all seen the scam and after catching ourselves, we’ve all asked ourselves the same question:  Who falls for this garbage?

From behind a computer screen, spotting a scam is as easy as a stroll in the park on a beautiful Saturbay afternoon.  What investigators have realized is that it gets much tougher when fraud happens in person.  In person, all of those skills we’ve developed online go away and we become easy marks.  

The IRL problem

It’s easy to act differently online.  No one knows us there, so we can make up the life we want to live or act without repercussions. Otherwise calm and decent people can become maniacs online if certain topics come up – from vaccinations to the recent play of the local professional quarterback.  For others, the digital world is a place of exploration and indulgence in hobbies that are unavailable offline, as players of World of Warcraft or the thousands of people who left reviews on Food.com’s recipe for ice cubes can attest.  However we change behind the computer, it’s easy to see that we think of ourselves and others differently while online.  Offline, you wouldn’t constantly harass your friends about a farming game, would you?

The same is true when it comes to scams.  When we sympathize with people, we lose the critical distance we need to spot scammers.  If we can connect with a person, we are far more likely to fall for a scam, and talking to them away from the computer increases that personal connection.  

Think about it this way:  The FTC says the most common forms of scams all involve human interaction, not computers.  The most common form of online identity theft isn’t breaking into your credit union — we’re really good at security — it’s phishing, where scammers convince victims to willingly give up their credit card information.  The most common phone scam is the grandparent scam, in which the bad guys use our natural concern for our family to get money out of us. The most common scam ever might be the basis for the modern home improvement scam: using a hard-luck story or the victim’s greed to convince them to pay up front, then never actually do the work.

How to avoid in-person scams

1.) Be wary of surprises and secrets.  Two things that should tip you off right away are really big surprises and really private secrets.  If you won money in a contest you don’t remember entering, you probably didn’t enter it.  If you’re getting a big payday, but you can’t tell anyone about it, you’re probably not getting a big payday at all.  If a company runs a contest, they want to get publicity. If you’ve got contest winnings coming, that company probably made you put down your email address and a bunch more info.  It probably took a while for them to get all of your data.  You’d remember.  Even in old TV shows they understood that surprises and secrets were a bad sign – if a 1960s sitcom hero inherits a mansion from an uncle they’ve never met, you better believe it’s going to be haunted.

2.) Take your time.  If someone needs you to act quickly, that’s often a clear sign of a scam, particularly if the sudden rush is coupled with a surprise as described above.  Scammers understand the power of groupthink – which is what psychologists call that trend among humans to make worse decisions in groups than by themselves – largely stems from an impending time deadline. By denying you time to catch your breath, scammers are trying to rush you into a bad decision and keep you from getting advice from someone with distance and perspective.

3.)  Try to be a robot.  NPR’s “Planet Money” podcast aired an episode covering the danger of our humanity very well.  In it, a banker named Toby convinced dozens of people to help him perpetrate a large-scale fraud simply by telling them his hard-luck story.  He claims that not one of them turned him down.  The case made in the episode is that for each person who heard the story, the ethical decision to commit a fraud and the rational decision to trust a scammer was completely overwhelmed by our sense of sympathy and injustice. Don’t let that be you.  

Hopefully, you’re not going to have to deal with in-person scammers very often. If you do, be sure to contact the FTC here: https://www.ftccomplaintassistant.gov/#crnt&panel1-1 and the FBI here: http://www.ic3.gov/default.aspx 

If you think you may have been the victim of a scam, identity theft, phishing, or any other security threat, let us know immediately.  The sooner we know, the safer your accounts at the credit union.  You can email us at info@destinationscu.org or call us at 410-663-0859.

Sources:
http://www.food.com/recipe/ice-cubes-420398 
https://www.citizensadvice.org.uk/consumer/protection-for-the-consumer/scams/spotting-and-reporting-scams/how-to-spot-a-scam/ 
https://www.fbi.gov/scams-safety/fraud 
http://tvtropes.org/pmwiki/pmwiki.php/Main/OnOneCondition 

http://www.npr.org/sections/money/2012/04/17/150815268/why-people-do-bad-things

The Best RFID-Blocking Wallets For Women

/ destinationscreditunion / 1 Comment


We recently brought you information about the best RFID-blocking wallets for men. Today, we have a review of the best RFID-blocking wallets for women, who have far more options in terms of styles, looks, and formality. If you’d like to read the previous installment, click here http://blog.destinationscu.org/2015/08/the-best-rfid-blocking-wallets-for-men.html.  In it, you can learn about what RFID is and why you need a wallet that blocks the signals from your cards.


Here are our top choices for four very different kinds of card-protecting options:

Women’s Trifold Wallet

by Access Denied ($55.95-$66.95)

http://www.amazon.com/gp/product/B00I0EI5DC/ref=s9_hps_bw_g193_ir14?pf_rd_m=ATVPDKIKX0DER&pf_rd_s=merchandised-search-9&pf_rd_r=00V8ZFC3J61Y0K0DD90X&pf_rd_t=101&pf_rd_p=1925055922&pf_rd_i=7218758011

Our first option is one of the most basic wallets offered to women that is also capable of holding everything while still looking fashionable. The Access Denied trifold wallet has space for your cash, cards, passport and checkbook, so you know that this wallet can handle whatever you need for your day. It’s also available in a variety of neutral tones and common purse colors to coordinate with your everyday bag. It’s hard to find this much convenience and variety under $60.


That said, if you’re a fan of high-quality leather, you might be put off by the lack of full or top-grain leather with this wallet. If that’s something that upsets you, be warned that this guide is very light on such top-flight materials, because the wallet manufacturers don’t seem to use them very often for RFID wallets. If you want to step into high-quality leather goods that keep your identity safe, you’re going to be paying a lot of money.

RFID-Blocking Secure Ladies Mini-Trifold

By ID Stronghold ($49.99)

http://www.idstronghold.com/RFID-Wallet-Ladies-IDSH7105.asp 


Identity Stronghold has an inexpensive wallet that should fit into any purse.  If you want the convenience and storage options of a much bigger wallet, the Identity Stronghold Mini-Trifold has a zippered coin pouch, credit and ID card slots and a pocket for your cash.  The faux-reptile leather finish is a stylish touch that Jane Birkin would appreciate because, unlike the Hermes Bag named for her, no alligators were harmed in making it.  


The wallet comes in a few different faux-reptile finishes, ranging in color tone from muted purple to the bright red pictured here.  It’s deceptively stylish for the price.
 

RFID-Blocking Cross Body Bag (Left)

by Travelsmith ($99.00)

http://www.travelsmith.com/travelsmith-rfid-blocking-crossbody-purse/travel-accessories/security-bags-belts-wallets/rfid/778503?defattrib=&defattribvalue=&listIndex=4

RFID-Blocking Double Frame Clutch (Right)

by Travelsmith ($68.99)

http://www.travelsmith.com/travelsmith-rfid-blocking-double-frame-clutch/sale-clearance/clearance/new-to-clearance/travel-gear/800288?isCrossSell=true&strategy=76

Another option is to find a small bag that you like and use it for carrying your wallet. Both of these options from luggage maker Travelsmith offer full RFID protection for everything within the bags, including credit cards, IDs and passports. Like the Access Denied trifold wallet above, these bags are available in a variety of colors to suit just about any taste.


If you find the idea of moving away from a beloved bag or purse unappealing, the chain straps can be removed from either of the Travelsmiths and the bags can be used as wallets. Each bag comes with some organizational features, but if you want everything to have a place, you may find the lack of dedicated pockets frustrating.

Fine Art RFID-Blocking Card Sleeves

by Armored Wallet ($9.50)

http://www.amazon.com/dp/B00I9K68AY/ref=asc_df_B00I9K68AY3835448/?creative=394997&creativeASIN=B00I9K68AY&linkCode=df0&tag=wwwshopstylec-20&ascsubtag=1586119148 


Finally, we have the option for anyone who would like to keep their current wallet or purse, regardless of style preference or gender. These inexpensive sleeves wrap around your cards individually to protect them from skimmers and look great while doing it. Armored Wallet offers a variety of colors and prints featuring classic works of art. There’s something to be said for the unique touch of carrying classic art in your wallet, and even more to be said for protecting yourself while getting change back from a $10 bill.


The masterpieces featured on the sleeves come mostly from European impressionists like Van Gogh and Monet, and don’t extend much past the paintings you might have had as a dorm poster in your college days. So, if you were hoping for Klimt or Kandinsky, you’re out of luck.


In the end, your choice will be dictated by your personal style. If you’re an upscale fashionista, you may be disappointed with the season’s offerings; among Saks 5th Avenue, Nordstrom, Barney’s New York, and Coach, not a single RFID-blocking women’s wallet can be found. If you prefer simplicity, you might want to check out the men’s wallets, most of which claim to be unisex. If, however, you’d rather save money and protect yourself from identity theft than look good on the runway, you have your choice of a vast number of styles and colors. Whichever you choose, make sure you find a way to protect your cards, even if that means wrapping them in tinfoil until you can find a suitable and fashionable alternative.

Sources: 
http://www.makeuseof.com/tag/dont-let-them-scan-you-blocking-rfid-chips/   
http://www.cbsnews.com/news/back-pain-cure-it-by-cleaning-out-your-wallet/

http://money.cnn.com/2015/07/29/luxury/jane-birkin-hermes-bag/

http://www.amazon.com/gp/product/B00I0EI5DC/ref=s9_hps_bw_g193_ir14?pf_rd_m=ATVPDKIKX0DER&pf_rd_s=merchandised-search-9&pf_rd_r=00V8ZFC3J61Y0K0DD90X&pf_rd_t=101&pf_rd_p=1925055922&pf_rd_i=7218758011

http://www.amazon.com/dp/B00I9K68AY/ref=asc_df_B00I9K68AY3835448/?creative=394997&creativeASIN=B00I9K68AY&linkCode=df0&tag=wwwshopstylec-20&ascsubtag=1586119148

http://www.travelsmith.com/travelsmith-rfid-blocking-double-frame-clutch/sale-clearance/clearance/new-to-clearance/travel-gear/800288?isCrossSell=true&strategy=76

http://www.travelsmith.com/travelsmith-rfid-blocking-crossbody-purse/travel-accessories/security-bags-belts-wallets/rfid/778503?defattrib=&defattribvalue=&listIndex=4

http://www.idstronghold.com/RFID-Wallet-Ladies-IDSH7105.asp