Four Steps To Checking Your Credit Report

If there were a song about keeping yourself safe from financial scams, the refrain to that song would be “Check your credit report!” But practically speaking, what does that mean? How can that one piece of advice keep you safe from so much?

Though it sounds like an advanced financial maneuver, checking your credit report is easier than balancing your checkbook. All you have to do is get it, read it, report errors and stay on it. Let’s look at each step in detail:

1.) Get your credit report

There are three different credit reporting agencies: Equifax, TransUnion, and Experian. They share data, but each makes its own report. You’re entitled to one free report from each agency every year. If you know you’ve got a major purchase, like a car or house, coming up in the next year, you’ll want to check all three bureaus before you start shopping. This way, you can catch inaccuracies before lenders see your information and score. Otherwise, it makes sense to stagger them and view one report every four months. This puts the shortest amount of time between checks.

You can get your credit report for free at annualcreditreport.com. This is the only website approved by the Federal Trade Commission (FTC) for this purpose. Take care to avoid “imposter” websites operated by scammers. They may use similar-sounding website names or common misspellings in an attempt to trick you and get your personal information.

There are other situations under which you can get a free copy of your credit report. If you are denied credit, you can request a copy of the information that was used to make that determination provided you do so within 60 days. If you have been the victim of certain kinds of fraud, the service will also provide you with a free copy of your credit report in order to help you make it right. These checks will never hurt your credit score.

If you’ve requested your report online, it should be available immediately. You may need to answer a few questions to verify your identity. The service may ask if you shared an address with anyone else or about previous streets you’ve lived on. Once you answer these questions, you’ll get your credit report.

2.) Go over your report

With your credit report now in your hands, it’s time to look it over. There are three things you’ll want to look for. You want to find accounts that are open in your name and you want to see if there’s any collection activity. You’ll also want to take a look at the number and frequency of inquiries.

There are slight differences in the three reports, but each has a list of accounts. They may be broken down by type (mortgage, installment, revolving, and other) or listed by date. You’ll want to look through each one to make sure you recognize them. This can be a tricky task, as every store credit card you open and every installment loan you make is listed. If there are any accounts you don’t recognize, you’ll want to make a note of them and potentially contact the credit reporting agency. Look particularly for accounts going to PO Boxes or listed with addresses in other states.


“Negative items” include bankruptcies, accounts in collection or accounts reporting as past due. Such activity is another good place to check for fraud. If someone else opened an account in your name, they likely won’t be paying the bills. You’ll also want to look for inaccuracies that may be hurting your credit score. If there’s an account listed here that was discharged in bankruptcy, for example, you’ll want to make note of that, too.

The list of inquiries shows you the number of times someone has checked your credit. No one can do this without your permission, so if there are more inquiries than you remember, it could be a sign someone has stolen your identity. It might be worthwhile to put a freeze on an ability to open new accounts until you’ve gotten everything resolved.

3.) Report inaccuracies

Each reporting agency maintains a separate error reporting process, so you’ll have to report each error to the agency that made it. For basic errors, like address, name, or personal information, the agency can make those corrections with minimal trouble. For more serious errors, you’ll need to send a dispute letter.

The FTC has a template for a dispute letter available on its website. You can use that or you can draft your own. Either way, you’ll need to clearly identify the accounts or items you’re disputing. Where possible, use partial account numbers or other numerical information. You’ll also need to explain why you consider the item an error. Attach copies, but not originals, of documents that support your claim. Examples include police reports for stolen or lost wallets, bankruptcy orders that discharged a debt or letters from a lender indicating that an account was opened fraudulently.

Send your letter via certified mail. This costs a little more than a stamp, but you’ll get proof of receipt. This is important because the agency has 30 days to make a determination about your dispute. They’ll send your dispute to the information provider (the company that told the agency about the account or negative item).

If the reporting agency finds your claim to be correct, you can request that they send copies of the updated report to anyone who received your credit report in the last six months, and to any employer who pulled your credit report over the last two years. They’re also required to send you an updated copy with any new information in it.

4.) Stay on it

Checking your credit report periodically is the only way to keep yourself safe from identity theft and other modern crimes. If you need assistance, Destinations Credit Union is here to help.  Call, click, or stop by today.

SOURCES:

Is 2015 The Year Of The Health Care Hack?

Brought to you by Destinations Credit Union

If 2014 was the year of major retailers being involved in security breaches, 2015 has thus far been the year for insurance companies. Anthem led the way earlier this year with a hack that compromised the personal information of hundreds of thousands of victims. Now, Premera Blue Cross, one of the largest health insurance providers in the Pacific Northwest, has been the target of a security breach.

Security experts are still attempting to discover the full extent of the breach. Hackers evidently accessed housing data from as far back as 2002. It is believed that at least 11 million people were affected by the breach.

Premera also has dozens of subsidiary organizations, clients, and contractors each with its own set of records. Technology experts from the health care provider are working tirelessly to determine the extent of their information that was compromised. Vivacity, a workplace wellness provider, and Connexion Insurance Solutions, which focuses on small- to medium- sized businesses, were both affected, too.

The vulnerability has been in use for some time. Company officials say the first breach occurred in May of 2014 and was only discovered in January of 2015. The FBI, in coordination with private cyber security firm Mandiant, is working to uncover the size and severity of this attack as well as to find the perpetrators.

Criminals have stolen a wide variety of personal information from the provider. Names, addresses, and Social Security numbers are the obvious targets, and these are frequently used to commit identity theft or cloning. A surprising amount of health information is also used to illegally obtain prescription medication or commit insurance fraud. This form of medical identity theft is growing as a black market solution to higher medical costs. In 2014, 2.3 million people were victims of this kind of fraud and each victim had to pay an average of $13,500 to resolve the problem.

There appears to be a strong connection between the attacks made on Premera and those made on Anthem. In both cases, hackers registered domains with common misspellings of the company’s name and used those sites to collect login information. These usernames and passwords were then used to breach the company at higher and higher levels. These tactics, and several others, point to Chinese hacking group Deep Panda.

As these groups grow bolder, it’s more important than ever to keep up with your own best practices in medical identity theft prevention. The FTC recommends following these three steps to keep yourself safe:

1.) Watch your medical records

Medical identity theft results in bills to you for procedures done to someone else. Unscrupulous doctors bill insurance companies for procedures they never did or for more costly versions of operations than what they performed. They count on instant reimbursement, knowing the insurance company will try to collect the fraudulent charge from the policyholder. Medical identity theft confounds this process. In other instances, criminals use your identity to get medical treatment and bill it to your insurance, leaving you on the hook for the charges.

These charges will show up in a few places. For instance, you may get a call from a collection agency over a medical bill. You may also have a medical bill arrive in the mail for a procedure you didn’t have. Your insurance company may also notify you of a change in your premium or coverage based on a new medical condition. Each of these is a red flag that you’ve been the victim of medical identity theft.

2.) Review your records

The Health Insurance Privacy Protection Act (HIPPA) requires that healthcare companies keep and maintain detailed records about patient services. You have the right to obtain a copy of those records. In most cases, your best bet will be to contact a major provider of medical services, like a national pharmacy.

You may also need to contact your insurance provider for copies of their records. They have the same record-keeping and disclosure requirements that providers do, but they may charge for the service of providing records. If you can narrow down a window of time during which you suspect your account was compromised, you can save yourself both time and money.

Providers may refuse to comply with your request for disclosure because they fear violating the privacy of the identity thief. Fortunately, an appeals process exists for this decision. You need to contact the person named in the privacy policy as the patient representative or ombudsman. If you are still unsuccessful, you can contact the US Department of Health and Human Services’ Office for Civil Rights.

3.) Get corrections to your records

You can submit requests for corrections to each provider that has charged you for services. Such a request should explain the reason for the error and include documentation that the charge is, in fact, an error. Examples would be proof that you were nowhere near the provider at the time of the charge or a letter from your doctor stating that you have never experienced the condition that was treated.

If your provider refuses to change or reverse the charge, ask them to place a notice of dispute on your account. This notice will show credit agencies that the charge may not reflect your borrowing habits and will help you mitigate the impact of a poor credit score. Such a notice should also stop the collection calls.

This pattern of security leaks means everyone is potentially at risk. You can’t avoid digitizing your health care information. But you can take steps to keep your identity safe. Credit monitoring services can provide you with peace of mind. Knowing you’ve got a team of dedicated professionals watching your back around the clock can help you sleep soundly at night.

SOURCES:

New Discoveries In TurboTax Fraud: Keep Informed And Stay Safe!


With the April 15th deadline now visible on the calendar, many Americans are finally sitting down to do their taxes. The good news? A standard return isn’t that hard and there’s still plenty of time to get it done. The bad news? One of the most popular online tax filing services is still compromised.

New reports in the Washington Post describe a new breed of tax fraud using the online platform. Previous attacks would focus on filing fraudulent returns using stolen personal information. Such returns were usually riddled with errors designed to inflate the amount of a potential refund, which would be routed to an account far away.

New attacks seem to have taken a different direction. Criminals use stolen email and password information to amend recently filed returns. The only change they make is the account number into which any refund will be deposited.

While only a few people have been victims of this kind of fraud, investigators are still working with TurboTax to identify the source of the leak. In the meantime, additional security measures have been added to online accounts. New logins will be required to answer credit report style identity verification questions, like former addresses, roommates and employers. So-called “knowledge-based authentication” (KBA) procedures are of suspect value.

Fraudsters with access to personal information can find it remarkably easy to get more. Real estate transaction databases can quickly eliminate possible choices about former addresses. The multiple choice nature of the questions makes it possible to mechanically “crack” the authentication procedure in relatively short order.

To make matters worse, fraudsters are getting better at covering their tracks. According to security blog KrebsOnSecurity, more and more scammers are registering accounts using stolen identity information on IRS.gov. Because IRS.gov accounts aren’t necessary for e-filing, many people never have cause to create one. One thing they are useful for, though, is getting copies of past tax returns. This is a vital step in protesting a fraudulent return.

Scammers have identified this weak point in fraud prevention and begun registering accounts using stolen personal information. This presents one more hurdle in the face of fraud reporting. It also gives scammers more time to take the money and run. Without an IRS.gov account, the IRS is bound by policy not to disclose any information on a tax return to anyone not designated on the return as an approved party. This does mean they’re protecting the privacy of criminals, but there’s little they can do about the policy at this point.

The core of the problem, according to Krebs, is that the IRS uses those same KBA procedures. Sophisticated scammers are increasingly adept at bypassing these procedures. That means one less barrier between them and your money.

If you think you’ve been the victim of tax-related fraud, there are still steps you can take. Read on for three ways you can fight back against tax fraud and get your money back!

1.) Create an IRS.gov account and use a strong password

The current KBA authentication protocol can be broken into relatively easily. If you register your account now, you can create a much stronger password to protect yourself. At time of press, the IRS is not allowing new accounts to be created, but new procedures for account verification are forthcoming.

Once you’ve created your account, use a strong password that includes numbers, letters and symbols. Make it unique to your IRS account to reduce the possibility that your password will be compromised. Once you create your login information, write it down and put it with this year’s tax documents (preferably locked in a safe location). You’ll need it again next year!

2.) Request a copy of this year’s tax return

If you think your information has been used to file a fraudulent tax return, you’ll need a copy of the return to file a dispute. If you can’t get it with an IRS.gov account, you’ll need to get a hard copy. The IRS has a form for this and they’ll charge a small fee for processing.

The from you’re looking for is Form 4506. This will get you a printed photocopy of the return, including all information about refund destination. This may help you track down the stolen money, and it will definitely help you in proving to the IRS that this wasn’t your work.

3.) Beware of ‘Money Mule’ scams

Increasingly, international fraudsters are having difficulty getting the money out of the country. That’s why they turn to Americans who are desperate for a buck. They’ll advertise on sites like Craigslist for “financial processing assistants.” They use your checking account to receive the funds, then you’ll wire or send a portion of the proceeds to another bank. It’s one way of eliminating the paper trail of tax fraud. That’s been the laundering scheme of choice for many tax fraud perpetrators this season.

It’s clearly illegal and very dangerous, but it also makes it possible for scammers to steal money in the first place. Beware of any job solicitation that offers to pay you for your ability to have a checking account. If they were a legitimate business, they could get one all their own and wouldn’t have to pay you for the privilege!

SOURCES:

https://krebsonsecurity.com/2015/03/sign-up-at-irs-gov-before-crooks-do-it-for-you/

"ISIS" Hacks Credit Unions – What You Need To Know


ISIS is the new face of terrorism and the Internet is the next front. Terror organizations use social media to recruit members, spread their messages and plan attacks. That they would also use hacking to evoke fear should come as no surprise.

That appears to be what happened on March 9 this year when visitors to the websites of several credit unions did not see the front page they were expecting. Instead, they saw a black screen with the logo for the Islamic State. Under the image were the words “Hacked by Islamic State (ISIS) We Are Everywhere :)” along with a link to a now-defunct Facebook page.

A closer examination of the defacement suggested to the FBI that this was not the work of the international terrorist group. First, the smiley face at the end of the message does not fit the tone of other messages the group has sent. Second, the targets, which included several small businesses and credit unions, seem out of character for the group. Most of the group’s rage tends to focus on agents and governments it views as occupying territory in the Middle East. Third, the level of damage was relatively low. A sophisticated hacking operation would aim to debilitate or destroy economically or politically important assets. While taking down a credit union’s website for a few hours is certainly disconcerting, the dollar amount of that can be applied to the damage is relatively low.

Rather, the FBI suspects this is the work of fairly unsophisticated domestic hackers. The target selection fits more with an attention-seeking group of malcontents. The strategy of website defacement is popular among amateur computer security students seeking to prove their skills or leave a “calling card.” No member data, accounts, or contact information was compromised in the hack and the defacement of the websites has already been reversed.

As with every other security compromise, the possibility that a more serious data breach occurred is not out of the question. In most cases, this breach would involve rigging the website to install malicious software on users’ computers. While it is unlikely, precautions are free and an ounce of prevention is worth a pound of cure when it comes to information security. If you’re concerned about your computer integrity, take the following four steps.

1.) Install, update, and run security software

Using the Internet without antivirus software is like reaching your hand into a medical sharps disposal bin. You’re going to get something and the results won’t be pretty. Several free antivirus programs exist. Popular choices include Panda Security, AVG and Avast.

If you already have antivirus software, you might think you’re covered. Yet, antivirus programs only protect against specific kinds of malicious programming. While they’re certainly the worst of the worst, viruses are only one kind of threat you face on the Internet. You also need an anti-malware program, like MalwareBytes or Spybot. These programs find and remove security threats that, while not quite to the level of viruses, can still compromise your computer.

These programs are still serious threats. Data breaches at Home Depot, Target and others were caused by malware on company computers. Even professional security experts occasionally forget about defending their systems this way.

Once you get the software installed, make sure to keep it updated and run it regularly. The scans usually take between 20 minutes and an hour. That’s all it takes to stay safe from the worst threats.

2.) Change your passwords

It appears unlikely that any user data was compromised in this most recent round of hacks. Still, there’s no reason not to be cautious. Change the passwords you use to log on to major financial websites and any website where you use those same passwords. If you use your Destinations Credit Union password to access your email, change your email password, too.

It’s a good idea to cycle passwords every six months or so anyway. Doing so helps to keep your accounts safe. If you have trouble remembering to do so, consider using a password management service to keep track of your security.

Always choose strong passwords. Four random words with a number on the end is a great way to randomize passwords but keep them somewhat memorable. Just look around your computer area and use the names of the first four objects you see, followed by your birth month. Doing so creates a password that humans can easily commit to memory, but the most powerful computers would take years to crack.

3.) Get a credit score report

You can get a free credit report every year, and it’s a good idea to do so. If you’re planning to buy a house or a car this year, you might want to hold off and use your free report closer to your purchase date. If you don’t have major purchases planned for this year, you can use your free credit score report to check if you’ve been hacked.

Look for accounts you don’t remember opening or large, sudden upswings in debt utilization. These could be signals that someone’s compromised your identity. Call the credit reporting bureau immediately to report suspicious activity.

This alleged ISIS hack is nothing to fear, but it’s worth being cautious all the same. It’s much easier to take preventative action than to regret not having done so. Taking these steps can help ensure you stay safe, no matter what happens.

SOURCES:

http://www.cutoday.info/Fresh-Today/Hackers-Claiming-To-Be-ISIS-Take-Down-CU-s-Site

Job Seekers Beware: ‘Re-packing’ Jobs Could Lead To Jail Time!


We keep hearing the economy is improving, but that news rings hollow for many Americans. Long-term unemployment is still a reality for 2.8 million people. They’re isolated and increasingly desperate, making them a perfect target for cyber-criminals.

The Better Business Bureau is reporting a new breed of cyber-crime that turns innocent people into accessories in the distribution of stolen merchandise. The scam starts like a lot of others, with a job offer from an anonymous company. The work sounds ideal. It’s work-from-home, set your own hours, and work as much or as little as you like. Best of all, it’s easy. You receive shipments at your house, then repack them and ship them to another address.

If you sign up, you’ll receive packages containing products and instructions about shipping them to other addresses, sometimes overseas. Your employer will want you to cover shipping, but promises to reimburse you for costs on top of your salary. At the end of the month, you get a check from your employer.

The first bad news comes when you attempt to cash that paycheck and it turns out to be fake. All the work you’ve done, plus the shipping costs you paid out of pocket, are gone. It’d be bad enough if it ended there.

Worse yet, you might end up facing criminal charges. At the very least, you’ll be an accessory to the theft of the goods you handled. If you helped to redistribute those goods, you handled stolen property. Even if you didn’t know the goods are stolen, if you didn’t ask questions where a reasonable person would have, you’re guilty.

To make matters worse, if you shipped those items internationally, you likely had to lie on customs documents. That’s a federal offense. The scammers just tricked you into taking all of the legal risk while they keep the money.

Similar scams are common in money laundering. A scammer will contact you or leave a post on a job board asking for financial service assistance. They’ll send a check and ask you to deposit it, then wire them back some of the money. You can keep a portion of it as your payment. The check was written against stolen funds and the issuing institution refuses to pay it. You’re out whatever you wired the scammer and could face charges as an accessory to fraud.

These scams are an unfortunate part of the job search process. They prey on the uncertainty and desperation that characterizes long-term unemployment. The widely anonymous nature of the Internet provides a perfect cover for schemers. If you want to keep yourself safe, follow these tips: 

1.) Be proactive in your job search 

It’s possible that your dream job may fall in your lap, though it’s far more likely that you’ll have to work really hard to get it. If you post your resume on a job site and walk away, it’s possible that the only people who are going to contact you are scammers. If you work with a recruiter or employment agency, you’ll form a contact that can help you land the job you want.

Working with an agency will also help you weed out the scams. You’ll have someone you know and trust to sort the real opportunities from the bogus ones. They’ll help put your resume in places where it needs to be instead of in the wrong hands. 

2.) Check the links 

Many of these scams work by “spoofing” a legitimate job posting. You’ll see an email saying that X company has reviewed your resume and thinks you would be a good fit for this position. The email will contain a link to something designed to look like a legitimate job posting on a big job board like Monster or Indeed.

Checking to see where links are really going is a hassle, but a quick mouse-over the link will show you the URL. If you don’t recognize the domain (the first part after the http:// and before the .com or .org), don’t click the link. Report the email as the scam attempt it is. 

3.) Watch for keywords 

“Repackaging” or “reboxing” are common keywords in these scams. For money-laundering, scammers often refer to the work they are proposing as “payment processing” or “wire transfer assistance.” It’s worth taking a moment to think about what you’d be doing. No legitimate business would need a personal checking account to move money around. If they’re a business that can pay for your services, they have a checking account. Similarly, they have an address and postal services.

If an employer is seeking your personal information before they’ve hired you, they’re not a potential employer. They’re crooks trying to steal your identity. It’s as simple as that. 

SOURCES: 
http://www.tylerpaper.com/TP-News+Local/212834/look-out-for-reshipping-job-scams#.VNJ-I9X3-ix  
http://career-advice.monster.com/job-search/getting-started/money-laundering-reshipping-scams/article.aspx
http://www.bls.gov/news.release/empsit.nr0.htm

You Don’t Have An ‘Email Quota’


Scammers will concoct any number of believable-looking lies in pursuit of your personally identifying information. They’ll pretend to be anyone and claim anything to get you scared, anxious and uncertain. They know that’s when you are most likely to make mistakes.

A new circulating scam is a remix of that old con. The Better Business Bureau reports this week on a new malware distribution scheme.

In this scheme, the scammers email you pretending to be from your email service provider (Google, Yahoo, etc.). They’ll tell you you’ve exceeded your email quota or that you have “deferred email.” The email will instruct you to follow a link to retrieve your un-checked email. Other variations of the scheme will tell you that you need to “update your personal information” to continue using your email service, which will require you to click a link to log in.

The link is to a malware download site, and once you click the link, you’ll be infected. The breed of malware will vary from attempt to attempt. Some may only bog down your computer with popup ads and other irritations. Others will root through your browsing history and personal files, looking for account numbers, personal information, and passwords. You may never know you’ve been infected until you get an unexpected credit card collection call.

Some scammers have gotten more sophisticated with the initial pitch, and will include “unsubscribe” or “change notification settings” in the footer of the e-mail. People looking to reduce the amount of unsolicited email they receive might click this link. They would be disappointed to learn that this link will also direct them to malware download sites.

If you’re looking to keep yourself safe from this new threat, here are three steps you can take.

1.) Know your Terms of Service

While there are upper limits on the amount of email your service provider will store for you, unless you’re sending DVDs worth of information regularly, you will never approach that limit. Gmail, for instance, will store around 65 gigabytes of email data for you. This is bigger than the biggest memory card available for your camera. If you received 23 professional-quality photos every day, it would take you a year to exceed your storage limit, assuming you never deleted any of them.

Email service providers also set some limits on the number of emails you can send, but if you’re clicking the send button each time, you’ll never exceed that frequency. These limits are designed to prevent malicious or fraudulent activities, which is why they target automatic message sending. If you’re running a business out of your home, you might worry about tripping this limit. For your personal email, though, this will never be a concern.

If you’re expecting an email regarding a job interview, family news, or other significant life event, be proactive. Contact the person you’re expecting to hear from and ask for an update. Sitting and waiting creates anxiety, which makes an environment ripe for scams.

2.) Don’t follow mystery links

If you receive an email from someone you don’t know, and it contains a hyperlink, don’t click it. Even visiting malicious websites can infect your computer, causing untold damage. Even if the message comes from someone you know, if there’s no context for the link, don’t click it.

You can take steps to figure out if the message you’ve received is legitimate. Look at the “from” line. The message may appear to be from “Google Admin,” but the email address might be googleadmin@freesites.ru (for example). If the second part of the email address (the domain) doesn’t match what you think it should be, it’s probably bogus. If there’s even a shred of doubt in your mind, don’t click.

Part of practicing good Internet hygiene is keeping your computer away from dangerous websites. Even if you think there’s nothing on your computer worth stealing, your computer could be used by scammers to cause serious damage to your friends and family. Stay safe, and keep your friends safe, too.

3.) Report suspicious activity

Email service providers take these scams as seriously as you do. Someone is trafficking in their good name to exploit their customers. They are eager to put a stop to it to keep their brand image safe and their customers happy.

If you have any doubt about the legitimacy of a message, forward it to your provider’s abuse address. Gmail has an option to “Report phishing” in the drop-down menu next to the reply button. Yahoo and Hotmail offer similar functionality. For larger corporations, try forwarding the message to “abuse” or “admin” @ the company’s website – abuse@target.com, for example.

These companies would rather sort through a thousand false positives than let people continue to defraud their customers. They value you because they’re providing you a service. Don’t hesitate to let them know something’s amiss.

For more information about fraudulent practices, visit Destinations Credit Union’s website and take a look in the Fraud Prevention section.


SOURCES:

Hackers Develop New Attack Method: Charities


It’s around this time of year that most charitable organizations run their biggest fund-raising drives. In so doing, they’re getting millions of contributions from many new contributors. Yet while they must make it as easy as possible for folks to donate, their limited personnel are overworked, making it difficult to thoroughly review all credit card authentication data.

Meanwhile, another group is working some holiday overtime too: Internet scammers. Because many consumers are shopping for goods they don’t usually buy, fake websites pop up, taking advantage of this inexperience to harvest payment information. The biggest challenge is sorting out the real sites from the fake or canceled ones. These two problems may have more in common than you think.

A new report by security firm, Phishlabs, unveils a shocking new strategy for solving that hurdle. Hackers use a chat-based program to transmit credit card information to make a small donation. If the transaction is successful, the program confirms the data the hacker supplied is legitimate.

In essence, hackers are using charities as a trial run for stolen credit card numbers. To understand what this means for you, let’s look at how the authentication process works, why charities are ideal targets, and how to keep yourself safe.

Authentication explained

Before you make an online transaction, the retailer will take some steps to verify your identity. You provide a credit card number, a security code and some other information. The form might ask for your billing address or ZIP code, for example. The idea is to keep your account safe by requiring several authentication factors. It works fairly well at frustrating casual scammers.

That’s why this bot is so useful to cyber-criminals. It can check data in low-risk, easily concealable ways. The operators of these services charge a fee in “credits” to would-be scammers. They earn these credits by paying for them or by performing a variety of “services” for the operator’s criminal enterprise.

By making a small donation to a charity, the bot can check to see if the information a scammer stole works. These donations are usually between $1 and $5 to one of a selected range of charitable organizations. If the payment sends, the scammer is free to use the information to buy other, more expensive goods.

Why charities?

Charities are the perfect target for this kind of operation. They use the same authentication strategies as every other business, but they seldom have the resources to investigate fraud. They also want to make it as easy as possible for people to donate. This means they use static donation website names and don’t use anti-bot software like Captcha. This makes them easy for a program to target.

Charities are also good targets because they have little at stake in stopping fraud. Defrauding a retailer puts them out the goods they sell. A fraudulent credit card used to buy a TV leaves the seller of that TV responsible for replacing the TV. Nothing like that exists for a charity. The donation amounts are usually miniscule, so their loss won’t seriously affect budgets.

Finally, charities are good targets because they are innocuous. Average consumers are more likely to overlook small charges to charitable organizations. They might think of them as contributions they made without thinking about it.

Protecting yourself

If you take all the usual measures to keep your identity safe online, this shouldn’t be much of an issue for you. If you think your information might have been stolen,though, consider taking the following steps:

1.) Watch for oddly specific amounts that have been sent to charities in your statement. Neither you nor your partner would give $4.48 to a charitable organization.

2.) Be preemptive in your giving. Donate to charities where you’ve done your research and only give to those that align with your values. Keep a list of charities you support and check your statement for any organization not on that list.

3.) Report these charges immediately both to your card issuer and to the charity on your statement. They can use a variety of indicators to track other fraudulent charges and catch other scammers in the act.

Beating this scam requires care and vigilance, just like every other scam. You need to know where your money’s going and be careful with where you make your payments. Don’t shop at websites you don’t know and trust, and don’t give out credit card information to anyone you don’t know. Check your statements regularly and report any suspicious activity.
SOURCES: