EQUIFAX’S BIG PAYBACK: SHOULD YOU FILE A CLAIM?

It was just two short years ago when Equifax went public with the realization that access to about 150 million users had been obtained by a third party still unknown to top security officials. Without knowing the perpetrators, motive behind this breach has yet to be concluded, generating worries about criminals using the identities stolen to cash in through the sale of said data or something more nefarious, including spy scandals.

While advanced cyber security and dark web professionals sift through to try and find the data, Equifax has been trying (and being forced to) make up for their mistake with the millions of Americans whose information was violated. On July 22nd, 2019, the Federal Trade Commission, in conjunction with several other agencies and all 50 states, agreed in court to a settlement of roughly $700MM to be paid out in reparations to those affected by the breach in accordance with allegations that the company did not provide and monitor security measures to protect against this attack. This is on record as the largest settlement ever dished out for a data breach in U. S. history.

Of that $700 million dollars, at least $300 million is to be used to offer the plaintiffs access to years of free credit monitoring service in order to ensure that any data stolen from Equifax during the breach was not used to steal individual’s identities, and also allows for free credit freezes as well for those who are more concerned. The other payout option they provided was $125 for anyone who files a claim for it. An extremely small payout on an individual level considering the fortunes that could be lost if a person’s identity was indeed stolen, but still a payment nonetheless. Should you file for one of these checks?

Well, unfortunately, Equifax has turned around and in the blink of an eye, stating that the amount of people filing for this $125 payment has surpassed the allocated funds for paybacks. According to the FTC, “because of high interest in the alternative cash payment under the settlement, consumers who choose this option might end up getting far less than $125”. Beyond the fact that this amount may be smaller in scope than originally planned on, the filing process isn’t as easy as filling out a form. Instead, those who file are required to gather documents related to the hack that show losses, and provide ancillary information and documents in the process of filing your claim. Many of those who have started the process are turned off by the fact that they need to proceed in presenting further information to the company that they already don’t trust to keep their information safe, and several scammers have set up websites to further deceive you into entering personal information. However, regardless of all these issues, millions have, and are continuing to file their claims which will remain open until January 22, 2020.

While the $125 (or likely much less) payment option may not be the best call, the alternative option for free credit reporting, monitoring, and freezing is catching on with some of those affected. Included in this package is free credit reporting, most importantly from all three major credit bureaus, which in theory is worth “hundreds of dollars a year” according to Robert Schoshinski, the assistant director for the FTC’s Division of Privacy and Identity Protection. To add to this value, included in the credit reporting is up to $1 million dollars in identity theft insurance and individualized identity restoration services. All in all, this secondary option may not be the source of direct money in your pocket, but rather can save you huge amounts of money in the case that something malicious were to occur as a result of this breach.

Here at DWM, we are always monitoring ways we can protect our clients, and we will continue to do so. While Equifax may not be giving out the $125 check anymore, free credit monitoring might be a very nice way to go if you’re willing to go through the process of filing a claim. This can essentially mean spending five to ten minutes of your time for 10 years’ worth of peace of mind, and roughly $2,400 worth of value ($20 per month of monitoring for 10 years). While it may seem like pocket change in comparison to the value of the data stolen from you, this can definitely serve as great protection in the case that any of this information is fraudulently used in the future.

 

If you would like to file a claim, please visit Equifax’s claim website: https://www.equifaxbreachsettlement.com/file-a-claim

October: Halloween and National Cybersecurity Awareness Month

What a combo!  Ghosts and goblins seem pretty tame compared to the potential theft of our financial information.  146 million Americans got a big scare last month when Equifax announced that hackers had stolen their personal information.  Fast food chain Sonic just announced that customers’ debit and credit card information was stolen last week.  So, while Halloween costumes, haunted houses and trick or treats get put away on November 1st, cybersecurity issues cannot be put away in the attic trunk or tossed into the garbage.

We probably all wish we could just email Equifax a two word message:  “You’re Fired!”  Unfortunately, it’s not that easy.  For example, Fannie Mae, who sets the rules for most mortgages, requires information from all three credit “repositories.”   If you will never need a mortgage, you can try to delete your files from Equifax.  However, those who have tried have been put “on hold” for hours and then told that deletion of their files was impossible.  The “no” response to deletion was confirmed by Equifax former CEO Richard Smith last week to Congress. For now, the best we can do is freeze (not “lock”) our accounts at Equifax, Transunion and Experian.

New “cyber-vampires” are emerging from the darkness.  Did you ever watch the movie “Catch me if you can?” Great film.   It is the story of Frank Abagnale, Jr., played by Leonardo DiCaprio, a master of deception and a brilliant forger who stayed one step ahead of the FBI (Tom Hanks) for five years with his highly successful scams.  Once arrested, he spent five years in jail from age 21 to 26.  Since that time, Mr. Abagnale has put his unique skills to good use teaching FBI agents around the country about cybercrime, identity theft and fraud.    He also serves as an ambassador for AARP’s Fraud Watch Network and lives in Daniel Island, SC.  Here are some of Frank Abagnale’s (“FA”) recent warnings:

FA: “Stop writing checks- if you are still paying by check, you might be putting your life savings at risk.”  If you go into a grocery store and write a check, you have to hand the clerk the check with your name and address, phone number, your bank’s name and address, your bank account number, the bank routing number and your signature.  And then, the clerk may ask to write down your date of birth and driver’s license number as well.  You never get the check back, it goes to the store’s warehouse, where it may be destroyed thoroughly (or not) six months from now.  Anyone seeing the check has all they need to draft on your bank account tomorrow.

FA: “It is now 4,000 times easier to forge checks (with today’s technology).”  50 years ago, FA used a Heidelberg printing press, originally costing $1 million, to forge checks.  The press was 90 feet long and 18 feet high.  Now, one simply opens their laptop and says, “Who’s my victim today?”  In fact, FA indicates that forging checks is so easy these days that street gangs that used to deal in drugs and narcotics are forging checks instead.  FA: “It’s easier and you spend a lot less time in jail if you are caught.”

FA: “Technology breeds crime-whether it is forging checks or getting information.”  Facebook is a great source of information for the crooks.  One of the most common scams now is the “grandparents scam.”  The bad guys go on Facebook and find out who the grandparents are and see who the grandson is dating.  They easily manipulate their telephone caller ID to show a call coming from the NYPD or other police department.  The thieves place their call on a Friday night and tell the grandparents that the grandson is at the jail after being picked up for DUI/DWI and being held for bail.  If money for bail is not received in two hours, the grandson will have to spend the weekend in prison.  “Millions of grandparents have fallen for this scam.”

At DWM, we recognize that you have worked and continue to work very hard for your money.  Our goal, in every facet of providing Total Wealth Management, is to protect and grow your assets.  Cyber-safe practices are a key element of risk management.  Our first job is to educate our clients and friends about the importance of cybercrime, identity theft and fraud.  Charles Schwab & Company, the custodian for our clients’ money, is as dedicated as we are to keep you and your funds safe and help prevent attacks.

Watch for more blogs this month (and beyond) on cybersecurity.  It’s a tremendously important topic!!

“An Ounce of Prevention is Worth a Pound of Cure”- B. Franklin

Millions of Americans are being impacted by two Category 5 disasters- Hurricane Irma and the Equifax data breach!!  Certainly, we’re all watching Irma spread through FL and our hearts and prayers are with all those in Irma’s path.  But don’t discount the Equifax high-tech heist as something small.  Last Thursday, Equifax announced that personal and confidential information for 143 million Americans.  This included names, social security numbers, birth dates, addresses and, in some instances, driver’s license numbers and other information.

This epic breach is a really big deal and a great concern.  Equifax, Experian and Transunion warehouse the most intimate details of Americans’ financial lives, from credit cards to medical bills.  Once security is breached, the hackers typically sell the stolen information to sophisticated identity thieves.  Last year, 15.4 million Americans were victims of identity theft, which totaled $16 billion.  In most cases, the money was recovered, but only after a tremendous amount of time, money and stress.  One man said the thieves so ruined his credit that he was unable to secure a needed mortgage refinance.  One lady’s social security number was used by others to file her income taxes and get a refund before she even filed her own return.  It took her over a year to get it straight with the IRS.  In the first half of 2017, there were a record 791 data breaches in the U.S., up 29% from last year.  Victims have recounted what a terrifying experience it is to have your identity stolen.  “You’re worried about the tremendous implications this could have and the possibility of it going on for years.”

Here’s the really bad part of the Equifax breach. We now know that the breach occurred six weeks ago, July 29th.  The hackers probably sold the information shortly thereafter.  We’ve likely all been compromised for six weeks and we didn’t know it.  Equifax is now under investigation for the breach and their lack of transparency by Congress, New York’s attorney general and the Consumer Financial Protection Bureau. If you call Equifax, it’s another frustration.  Their “hot line” is staffed with people who really can’t tell you if your information was taken or not.  You should assume that it was.  Ouch!!

It’s time for us to play defense.  Step one- put a credit freeze on all three reporting services immediately.  It’s your only hope.  A credit freeze prevents existing creditors and new creditors from using your information.  It prevents new accounts being opened in your name.  When you contact the sites listed below you will receive a PIN that allows you to temporarily lift or “thaw” your freeze.  Put that number in a very safe place (see below).  Yes, you may be delayed a day or two to get your information released when you need to apply for new credit, but that’s a small problem compared to potential identity theft.

Here are the sites:

Equifax – https://www.freeze.equifax.com/Freeze/jsp/SFF_PersonalIDInfo.jsp

Experian – https://www.experian.com/freeze/center.html

TransUnion – https://freeze.transunion.com/sf/securityFreeze/landingPage.jsp

I froze Elise and my accounts yesterday in about 20 minutes.

 

Step two-you need to create strong passwords and store them in a secure spot. The bad guys have two pieces of information, your social security number (which you don’t want to change) and your address.  Don’t help them with the next step by having weak passwords.

Updating your passwords will take some time.  Focus first on the key ones; your credit cards, financial institutions, and key retailers like Amazon and Apple; anywhere there is money or where thieves could get merchandise or services.  If a site offers additional security with a two-factor authentication, enable it.   Once you’ve got the key sites, start knocking out the others.

You should use a password manager like 1Password or LastPass.  It’s always important to update your password every so often. These sites create a unique random number password for every website you visit and stores them in a database that you create.  This makes it much more difficult for the thieves to decode your password. Further, these are great places for all of your passwords and your PINs.  Of course, you need to keep your master password in a special spot and share that with your spouse and/or another trusted person.

No question, this is a real pain!!  But, the alternative is possible identity theft which could be a 100 times worse.  We live in an age of Big Data.  We have all allowed the emergence of huge detailed databases full of information about us.  Thanks to technology, financial companies, tech companies, medical organizations, advertisers, insurers, retailers and the government can maintain and access this information.  Unfortunately, companies like Equifax are only lightly regulated and there’s not much punishment for breaches.  Hence, breaches will keep happening.  Even with new technology, like Apple’s new iPhone8 which includes face recognition to unlock it, the consumer credit bureaus are not going away anytime soon.

Please do yourself a favor and freeze your credit, change your passwords and store everything securely this week.  The process will certainly feel like more than an “ounce” of prevention, but if it saves you from identity theft, it will be far more than a “pound” of cure.

Target Security Breach Puts Spotlight on Identity Theft Prevention

identitygrinch
(Click above for full size image)

Across the country, 110 million Target customers are now dealing with the fallout from the security breach in December. Hackers obtained e-mails, name, addresses, phone numbers and PIN numbers for the debit and credit cards. Target has just agreed to provide all of its customers with a year of free credit monitoring. Worse yet, the Department of Homeland Security reported last week that the attack on Target was likely a part of a broader and highly sophisticated scam that potentially affected a large number of retailers, including Neiman Marcus. Apparently, Target’s systems were amazingly primed for hacking- lacking the virtual walls and motion detectors found in secure networks like most banks. Identity theft continues to be on the rise. The good news is that there are actions you can take to protect your identity. We thought it would be a good time to review some of the suggestions we have provided in the past, as well as some new ones:

Digital Security:

  • CHOOSE GOOD PASSWORDS. Make them difficult to decipher. Vary them by account. Don’t store your passwords on your computer.
  • COMPUTER SECURITY: Use anti-malware/spyware and anti-virus programs and keep them up to date.
  • PREVENT PHISHING SCAMS. This is when a thief sends a legitimate-looking email from a company you have an account with and asks you to reply with information or click on a link in the email. Instead, contact the company directly through the website or phone number you would usually use.
  • RESTORE YOUR COMPUTER TO THE FACTORY SETTINGS. When you sell or get rid of your computer, make sure that you have wiped out all information first.
  • SHOPPING ONLINE is safe as long as you are on a secure website. The internet address should start with “https” and have a padlock icon in the lower right hand corner.

At Home:

  • SHRED everything with sensitive information. (This means anything you wouldn’t hand to a total stranger).
  • PROTECT SNAIL MAIL. Consider using e-delivery as much as possible. Consider getting a P.O. box for delivery of mail with sensitive information.
  • TELEPHONE SCAMS: Never give out information to someone who calls you claiming to be from your credit card company, bank, etc. If they are legitimate, they already have that information. Call the company yourself using a phone number from the back of your credit card or bank statement.
  • USE A SAFE for all your important documents including your social security card. Keep your birth certificate, passport and other identifying documents in a bolted-down safe at home and use the hotel safe when you’re travelling. Also consider scanning and moving these documents to a “safe vault” in the cloud, such DWM/Orion.

When Out and About:

  • AVOID “SHOULDER SURFERS”. The person behind you at the ATM or supermarket may be just another shopper or maybe not. Be cautious.
  • WATCH WHAT YOU CARRY. Take only what you need. Change your credit cards to a PIN option only, if possible.
  • CARRY YOUR WALLET in your front pocket or your purse in front of you to reduce the likely-hood of pick-pocketing.

Other:

  • CREDIT FILES can be protected by placing a security freeze on your credit reports. When a freeze is set at all three credit bureaus, a thief cannot open a new account because the potential creditor will not be able to check the credit file. When you need to apply for credit, you can lift the freeze temporarily. See: www.equifax.com, www.experian.com, and www.transunion.com.
  • Order a free credit report through www.AnnualCreditReport.com from one of the three agencies every four months. You are entitled to one free copy a year from each agency, so you can rotate your requests.
  • MONITOR YOUR CREDIT CARD AND BANK ACCOUNT ACTIVITY. Most credit card companies and banks have a smart app that allows you to monitor your activity. It’s a good idea to check it every few days. If there is a fraudulent purchase, you’ll catch it quickly.
  • PAY FOR AN OUTSIDE MONITORING SERVICE. Both Target and the State of SC (when tax files were breached 15 months ago) provided a year free service with Protectmyid.com (now part of Experian). The service typically costs $16 per month. It monitors your credit and notifies you of new accounts or applications for credit. It includes $1million identity theft insurance- however, this is limited in scope and primarily pays for incidental expenses, not monetary loss. The only loss covered is if funds are electronically transferred from your account.

These days, risk management includes much more than simply sufficient life insurance or auto insurance. It needs to include a program to safeguard your most important asset- your identity. Please give us a call at DWM, if we can help in any way.

FRAUD: Protecting Your Identity

Identity theftIt’s probably something you’d rather not think about, but identity theft affects more than 10 million Americans every year and is growing rapidly. If you haven’t been a victim, you probably know someone who has. Thefts range from an unauthorized charge on your credit card to a complete loss of your identity.

Many thieves have financial motives like taking out a loan, opening bank or credit card accounts, or using your account information to create counterfeit checks or cloned ATM cards to drain your accounts. They may use your information to get government benefits like Social Security payments.

Other thieves use your information to get a driver’s license, rent an apartment, open cell phone or utility accounts, or get a job using your social security number. Perhaps the scariest scenario of all: someone gets arrested and gives the police your information. When they don’t show up for court, the arrest warrant is issued in your name.

The good news is there are things you can do to protect yourself:

1.   SHRED everything with sensitive information. (Anything you wouldn’t hand to a total stranger). Ask your accountant how many years of tax returns to keep, and shred the oldest year’s return and related records each time a new one is filed. Shred old statements and credit card offers. Don’t leave receipts at ATMs or gas pumps.

2.   SHOPPING ONLINE is safe as long as you are on a secure website. The internet address should start with “https” and have a padlock icon in the lower right hand corner.

3.   COMPUTER SECURITY: Use anti-malware/spyware and anti-virus programs and keep them up to date. This will prevent hackers and malicious software programs from gathering data unbeknownst to you.

4.   TELEPHONE SCAMS: Never give out information to someone who calls you claiming to be from your credit card company, bank, etc. If they are legitimate they already have that information. Call the company yourself using a phone number from the back of your credit card or bank statement.

5.   In PHISHING SCAMS a thief sends a legitimate-looking email from a company you have an account with and asks you to reply with information or click on a link. Instead, contact the company directly through the website or phone number you would usually use. Watch which website you go to: there are scammers who set up websites that look legitimate but aren’t. (ie Visa.biz or BankatAmerica.com)

6.   USE A SAFE for all your important documents including your social security card. Keep your birth certificate, passport and other identifying documents in a bolted-down safe at home and use the hotel safe when you’re travelling. Losing any of these documents makes it extremely easy for someone to steal your identity.

 7.   CREDIT FILES can be protected by placing a security freeze on your credit reports. When a freeze is set at all three credit bureaus, a thief cannot open a new account because the potential creditor will not be able to check the credit file. When you need to apply for credit, you can lift the freeze temporarily. See: www.equifax.com, www.experian.com, and www.transunion.com.

8.   Order a free CREDIT REPORT through www.AnnualCreditReport.com from one of the three agencies every four months. You are entitled to one free copy a year from each agency so you can rotate your requests. Watch activity and check for inaccuracies. Also, be sure to close credit accounts you don’t want; don’t just cut the cards up.

9.   BE AWARE of who’s around when you are at an ATM, on the phone, or online in public. Someone may be eavesdropping. Hackers can steal personal information from nearby laptops and smartphones. Set a strong password (a combination of letters, numbers, and symbols) on these devices that automatically locks after a certain period of inactivity.

10.   MAIL envelopes with any sensitive information from a Post Office mailbox or secure mail slot, not your home mailbox where mail could be stolen. Eliminate credit solicitations by ‘opting out’ with companies you do business with and sign up for the Do Not Mail (www.directmail.com) and Do Not Call registries (www.donotcall.gov).

This is one situation where Ben Franklin’s old adage “an ounce of prevention is worth a pound of cure” is certainly good advice.