Summer will be here before you know it, and with it come new and old scams. As you consider possible escapes — travel to exotic places; trips to the beach, the mountains or the golf course; a staycation to get much needed work done around your house — bear in mind that these diversions provide the perfect opportunity for con artists and identity thieves just waiting to insinuate themselves into your life, becoming the sand in your picnic basket (or bathing suit) — a vacation-killing burn that no ointment can soothe.

Here are a few scams to be on the lookout for this summer:

1. Thanks for the Robocalls, Congress! 

Thanks to a new provision slipped into important federal legislation, you may start receiving legitimate robocalls to your mobile phone — something that was previously forbidden by the Telephone Consumer Protection Act and the Fair Debt Collection Practices Act. According to Consumer Reports, buried in a recent Congressional Budget bill is a provision that allows loan servicers and other collectors of federal loan debt to use robocalls “to collect a debt owed to or guaranteed by the United States.”

While these calls will mostly target student loan borrowers, fearless fraudsters will certainly take advantage of this newly legal means to dial for dollars and try to extract money from those among us who don’t read Congressional Quarterly.

TIP: Caller ID is by no means a fail-safe protection. If someone calls you regarding money you allegedly owe, ask for the name of the debt holder, hang up, double-check that the number is legit online, and then call them directly.

2. Your New Chip Card Opens the Door for Fraud

There’s a newish phishing scam that has reared its ugly head in New York state, after a fairly long run on the road involving EMV chip cards. It’s a pretty straightforward phishing scam. The emails look authentic — that is, they appear to be from a bank with which you do business — and they target people who haven’t received their new chip cards. The ask: your personal information to authorize the new card. There may be a link, and if you click, it installs malware on your computer or mobile phone.

TIP: If you have your chip card already and this scam poses a threat to you, you have bigger issues. If you do not have your new card and receive an email or call about it, either go directly to the issuer’s site or call them directly and communicate with a representative. Don’t take the bait!

3. Summer Jobs & First Jobs

New college and high school graduates, and kids home for the summer exploring the job market — possibly for the first time — are getting duped into putting their personally identifiable information (PII) to work for fraudsters via fake job scams, according to a warning from the Better Business Bureau of Central Oklahoma. Sometimes the scam is focused on collecting PII to be used in identity-related crimes, but there are other scams that involve handing over bank account information.

TIP: Check out the company online, and don’t provide your bank account number or any other sensitive personal information. While I know this is incredibly painful for anyone born after 1980, pick up the phone and call your prospective employer.

4. A Moving Scam

A Georgia family learned the hard way that hiring a “man with a van” or any other mover can be risky business. According to the Atlanta Journal-Constitution, a woman who asked not to be identified hired movers she found through an online classified ad. They delivered her things, minus about $75,000 worth of personal items. Authorities later learned that the truck used by the suspects had been stolen shortly before the “job.”

TIP: Summertime is when many people choose to relocate. If you’re moving and you need help, hire a reputable company. And always check references.

5. Summer Rental Scam

Here’s an old favorite: You begin your search for a summer place way too late and assume there will be nothing available. But hold on — suddenly you fall upon the absolutely best summer rental ever! You reach the owner or realtor (it makes no difference to a scammer if he or she pretends to be one or the other), and you send a check to the address provided or wire money to an account. He or she then gives you the details about the place. Unfortunately, you have just rented a vacant lot or an empty warehouse. Or when you show up, you discover that you are but one of five families who also rented the house — or landfill.

TIP: If you get a real estate agent on the phone, get his or her license number and check it. Also request references if there are no reviews online, and confirm that the address is real and that the premises are truly available for rent. Use common sense.

6. Scalpers

Summertime is tour time for the record industry, and the hottest acts can sell out thanks to ticket brokers who hoard big blocks of seats for resale at extortionate prices seconds after they go on sale. While this isn’t a scam per se, it creates a fertile field for fraudsters, who offer tickets at more reasonable prices, though they’re often still more than face value. The only problem: They don’t have tickets, or at least not real ones.

TIP: If you are tempted to buy tickets secondhand, be exceedingly careful because there are all sorts of counterfeit tickets for sale. Go to reputable sites or deal with folks whom you trust and have established a relationship with.

The Takeaway

Unfortunately, in a world where identity theft has become a near certainty, the season is pretty much irrelevant. When it comes to scams and other kinds of fraud, it’s always open season on you.

Minimize the damage by monitoring your credit for signs of fraud. You can do so by pulling your credit reports for free each year at each of the credit bureaus.

Adam Levin is co-founder of IDT911 where this post originally appeared.

It’s a trend reflecting the changing preferences of an increasingly diverse U.S. work force.

U.S. employers are increasingly offering so-called “voluntary benefits and services,” or VBS, as a carrot to retain valued employees. VBS includes things like critical-illness insurance, student loan repayment programs and even pet insurance, perks that are above and beyond core health care benefits.

What’s more, something you might not have expected has emerged as the hottest VBS on the planet: identity theft protection.

A recent Willis Towers Watson survey of 317 companies employing 9.2 million workers found that 92 percent of U.S. employers believe VBS will be important to their employee value proposition over the next three to five years, up from 73 percent in 2015.

“In the past, employers have focused VBS programs on the needs of baby boomers,” says Mary Tavarozzi, Group Benefits practice leader at Willis Towers Watson. “Now employers need to attract, retain and engage millennial employees, who have very different needs and priorities. They also are beginning to recognize that helping employees with financial well-being early in their careers may contribute to a more engaged work force.”

Here’s what’s mildly surprising: Willis Towers Watson predicts identity theft protection, offered by 35 percent of employers in 2015, could double to nearly 70 percent by 2018, which would make it the fastest growing type of employee perk over the next couple of years.

Gaining traction

This shift can be tied directly to our increasing reliance on all things digital, especially cloud services, mobile computing and social media, which, in turn, has translated into a tornado of nasty security and privacy exposures.

Thus, identity theft protection as an employee benefit is no longer considered a novel idea, and the willingness of employers to include it as an employer-paid option is fast gaining traction, observes Ben Rozum, co-founder and director of strategy and development at Genius Avenue, a benefits management company.

“From an employer standpoint, offering this protection enhances the benefit offering, helping to increase recruiting and retention efforts,” Rozum tells ThirdCertainty. “It shows a commitment to, and level of caring for, their employees on a more holistic approach.”

Often a human resources manager is the first to grasp this notion and take the lead in researching identity theft protection services. Increasingly, good information is being brought forward by brokers and sales reps who recognize a good thing when they see it.

Word spreads

These marketers are guiding HR managers to “a strong understanding of the product features and the need that it solves, resulting in full support for the promotion and engagement to drive employee enrollments,” Rozum says. “Given the established distribution process within the employee benefits channel, brokers and consultants who focus on both core products and voluntary benefits are actively engaged in helping to promote the benefits of identity theft protection programs to their clients.”

The brokers and sales reps spreading this gospel include employee benefits brokers, payroll services reps, and commercial insurance agents, says Jody Sevy, managing partner at consultancy Solid Nine Solutions.

“It’s easy for them to make a pivot to selling identity theft protection packages to employers,” Sevy says. “They see it as something closely related to what they are already selling, so it’s relevant, but yet it doesn’t conflict with their main line of products. It’s complementary.”

Magic formula

Underlying all of this fresh activity is a confluence of developments. Awareness of network breaches and identity theft scams continues to steadily expand as cyber attacks have become a staple of news coverage. Most consumers now have some level of understanding of the erosion of privacy with respect to their digital lives and the resultant rising exposure to identity theft and cyber scams.

Meanwhile, employers seek the magic formula to keep workers happy, productivity high and benefits costs low. Along with that, more security services vendors recognize the market opportunity and are stepping forward with an array of service offerings geared to employers.

“The concept of expanded choice and personalization goes hand in hand with employer efforts to engage employees in benefit and health care decisions,” Tavarozzi says. “It’s hard to deny the attractiveness of cost-effective programs and services that meet employee needs and increase the value of benefit programs.”

Put another way, employers are discovering that it is possible to clearly visualize a tangible return on investment for spending comparatively little to add identity theft protection services as a voluntary benefit, Sevy says.

Several studies quantify the hours lost recovering from common types of identity theft attacks. A widely cited 2003 study by the U.S. Federal Trade Commission found that, on average, identity theft victims spent 30 hours resolving their problems; victims of so-called new account fraud, in which personal information is used to open and abuse lines of credit, spent 60 hours resolving their problems.

Worthy perk

Making identity theft protection services available to an employee’s entire family can dramatically reduce this recovery time and greatly relieve stress, Sevy says. And ongoing awareness and security training programs can improve productivity as well.

“You could call it productivity insurance,” Sevy says. “It is a financial wellness perk that the employer can extend to an entire family, and the cost is a drop in the bucket.”

Rozum predicts U.S. employers will increasingly add identity theft protection services to the mix of employee benefits in a couple of different ways going forward.

  • Employee paid. Employers make identity theft protection available through payroll deduction mechanisms. The employer clearly conveys why workers should take advantage and also makes the sign-up and ongoing administration process user-friendly.
  • Employer paid. Employers recognize the digital world we live in and see tangible value added to recruiting, retention and productivity.

“With all the market awareness on corporate breaches, the decision to offer identity theft protection as a voluntary benefit is becoming an easier decision to make,” Rozum says. “At this point, the early adopters are those who truly see the value and are providing the benefit as an employer-paid offering.”

Byron Acohido is editor-in-chief at ThirdCertainty.com, where this article was originally posted.

 

More than 7,000 U.S. companies have been hit by BEC attacks since 2013, losing more than $740 million.

It is a devastatingly effective form of spear phishing that the FBI refers to as “business email compromise,” or a BEC attack.

Also known as “whaling” and “CEO fraud,” BEC attacks carry no viral attachments, nor malicious web links. Instead, they rely entirely on social engineering, usually spoofing someone in authority in order to persuade a subordinate to take immediate action, such as transferring funds or forwarding sensitive data.

More than 7,000 U.S. companies have been hit by BEC attacks since 2013, losing more than $740 million—and those are only the companies that reported crimes to the FBI. Since January, at least 55 companies have announced that they had fallen victim to one particular variation that lures employees into forwarding employee W2 forms, useful for creating fake tax returns, according to messaging security vendor Cloudmark.

This week, email security firm Mimecast released results of a March poll of 436 IT experts at organizations in the United States, U.K., South Africa and Australia. Some 67 percent of respondents reported an increase in attacks designed to instigate fraudulent payments and 43 percent saw an increase in attacks specifically asking for confidential data like HR records or tax information.

ThirdCertainty recently sat down with Orlando Scott-Cowley, Mimecast’s cybersecurity strategist, to discuss why email remains a viable attack vector and where things stand in the arms race to maintain trust in email. Text edited for clarity and length.

3C: It’s amazing that email, after more than a decade, remains a major attack vector.

Scott-Cowley: It is, but also it isn’t. If you think about it, email is a very simple process. It doesn’t require any skill or any ability to hack someone’s network or their firewall or their wireless. Sending an email, even a whaling email where there’s no malware, takes almost no ability at all.

3C: Why is whaling (BEC attacks) rising so sharply?

Scott-Cowley: Cyber criminals have learned that not using malware is a great way of getting into organizations because there’s no path to look for. So there’s nothing to detect. They use social engineering to basically defraud people out of millions of dollars.

3C: The heavy lifting is in the preparation?

Scott-Cowley: The attackers will spend months, or even longer, researching the target, using sorters like LinkedIn, Facebook, Twitter, or Google Plus. They build up a really good picture of that organization. What they want to know is who’s the CEO, who’s the CFO, who are the senior finance managers in the organization, who’s HR, who’s IT and they can almost build an organizational chart.

And then when they’re ready to strike, they will send an email that looks as though it has come from the CEO, generally, or the CFO. They’ll sometimes use a spoof domain that looks very similar to your corporate domain name.

They’ll often use a fake display name as well, and they’ll target someone who’s senior enough in the organization, usually in the finance team, who has single signoff authority on wire transfers. They’ll try to trick them into making a wire transfer.

3C: What we’re seeing is not a fly-by-night thing; it’s a major trend?

Scott-Cowley: Yeah. It’s a big threat to enterprises now. A lot of people who have been affected by this have not had to admit it, because it doesn’t meet the requirements for breach reporting notification. And many times you could say there has not been a breach because no data leaked. The company just paid and quietly went on about their business, which is terrifying.

3C: How did spear phishing progress to this point?

Scott-Cowley: Progression is a great way of describing it. Two or three years ago, the threat was from malicious links in emails. As vendors, we found a way to solve that problem. At Mimecast, we rewrite the URL, so when the user clicks the link we scan the page, and we’ll block access to a malicious website.

The attackers learned that. They then moved on to weaponized attachments and hiding malicious macros in attachments, mostly Word documents and Excel files. They used the macros to basically pull the malware onto the desktop.

So, as vendors, we introduced sandboxing technology that basically runs the macro in the gateway before it gets to the inbox and looks at it and says, ‘Well, this is a Word document, it has a macro, but why is that macro talking to a website in Russia or China or somewhere?’

The attackers worked out that we were getting ahead of them blocking all of those different types of attacks, and so they started to turn toward whaling and social engineering, using the power of their words in the email to be able to con people out of millions of dollars.

This story originally appeared on ThirdCertainty.com.
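The two header tells described in the interview, a sender domain that closely resembles the corporate one and an executive's display name on an outside address, can be checked mechanically before a message reaches a finance inbox. The sketch below is an added example, not code from ThirdCertainty or Mimecast; the corporate domain `example.com`, the executive names, the edit-distance threshold and the sample messages are all assumptions constructed for illustration.

```python
"""Flag two BEC header tells: look-alike sender domains and
executive display names used on addresses outside the company."""
from email import message_from_string
from email.utils import parseaddr

CORP_DOMAIN = "example.com"            # assumption: the defender's own domain
EXECUTIVES = {"jane doe", "sam lee"}   # constructed names of senior staff

# Characters and pairs commonly swapped to make a domain look familiar.
_DIGIT_SWAPS = str.maketrans("0135", "oles")
_PAIR_SWAPS = (("rn", "m"), ("vv", "w"))


def skeleton(domain):
    """Reduce a domain to a form where visual substitutions collapse."""
    s = domain.lower().translate(_DIGIT_SWAPS)
    for pair, single in _PAIR_SWAPS:
        s = s.replace(pair, single)
    return s


def edit_distance(a, b):
    """Levenshtein distance, two-row dynamic programming."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,                # deletion
                           cur[j - 1] + 1,             # insertion
                           prev[j - 1] + (ca != cb)))  # substitution
        prev = cur
    return prev[-1]


def is_internal(domain, corp=CORP_DOMAIN):
    return domain == corp or domain.endswith("." + corp)


def is_lookalike(domain, corp=CORP_DOMAIN, max_edits=2):
    """True when an outside domain is visually close to the corporate one.
    max_edits=2 is an assumed threshold; short domains need a lower one."""
    domain = domain.lower().rstrip(".")
    if not domain or is_internal(domain, corp):
        return False
    if skeleton(domain) == skeleton(corp):
        return True
    return edit_distance(domain, corp) <= max_edits


def analyze(raw_message):
    """Return the list of BEC indicators found in the From header."""
    msg = message_from_string(raw_message)
    display, addr = parseaddr(msg.get("From", ""))
    domain = addr.rpartition("@")[2].lower()
    findings = []
    if is_lookalike(domain):
        findings.append("lookalike-domain")
    name = " ".join(display.lower().split())
    if name in EXECUTIVES and not is_internal(domain):
        findings.append("executive-name-on-external-address")
    return findings


# Constructed sample messages (not taken from any real incident).
SAMPLES = {
    "lookalike_and_name": (
        'From: "Jane Doe" <jane.doe@examp1e.com>\n'
        "To: ap@example.com\nSubject: Urgent wire today\n\n"
        "Please process before 3pm.\n"),
    "name_only": (
        "From: Jane Doe <ceo.office@freemail.test>\n"
        "To: ap@example.com\nSubject: Quick favor\n\nAre you at your desk?\n"),
    "pair_swap": (
        "From: Vendor Billing <billing@exarnple.com>\n"
        "To: ap@example.com\nSubject: Updated bank details\n\nSee below.\n"),
    "genuine": (
        "From: Jane Doe <jane.doe@example.com>\n"
        "To: ap@example.com\nSubject: Q3 close\n\nThanks all.\n"),
}

if __name__ == "__main__":
    for label, raw in SAMPLES.items():
        print(f"{label:20s} {analyze(raw) or 'no indicators'}")
```

A clean result covers only these two tells; a message forged with the exact corporate domain has to be caught by SPF, DKIM and DMARC checks at the gateway.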

 

 

 

 

Forbes.com 

The IRS has filed an amended statement on the ‘Get Transcript’ hack — which reports that 700,000 U.S. taxpayer accounts were accessed or targeted, and 47 million transcripts have been ordered to date.

In January 2014, Get Transcript launched on the IRS website. The application enabled taxpayers to view and download their transcript or order previous years of tax filing information.

On May 26, 2015, the IRS announced it had discovered that cyber criminals — using taxpayer information stolen elsewhere — accessed the Get Transcript application on IRS.gov. The IRS identified approximately 225,000 taxpayers whose transcripts had been accessed or targeted. In August 2015, the IRS announced it had identified approximately 390,000 additional taxpayer transcripts which had been accessed or targeted – which brought the total number of hacked accounts to 615,000.

The Treasury Inspector General for Tax Administration conducted a nine-month-long investigation looking back to the launch of the application in January 2014 for additional suspicious activity – which led to the amended reporting of approximately 700,000 hacked accounts to date.

The IRS is notifying the hacked taxpayers by mail — informing them that they have been victims and that cyber thieves may have their personal information, and providing guidance.

“The IRS is committed to protecting taxpayers on multiple fronts against tax-related identity theft, and these mailings are part of that effort,” IRS Commissioner John Koskinen said. “We appreciate the work of the Treasury Inspector General for Tax Administration to identify these additional taxpayers whose accounts may have been accessed. We are moving quickly to help these taxpayers.”

The online viewing and download feature of “Get Transcript” has been suspended since May 2015. The IRS is working to restore that part of the service with enhanced security to protect taxpayer identities.

Post-hack reporting by the U.S. government usually gets worse over time. When OPM was hacked, the first reported numbers indicated four million people had their personal information exposed. The final tally was nearly 22 million.

Steve Jobs understood what people want. His insistence on making hard things easier — for instance, using a personal computer — was an essential part of the Apple success story. Apple CEO Tim Cook has been doing the same thing — but now the “hard thing” is privacy and encryption.

Apple has consistently earned top marks for its privacy and data security policies. That said, since the San Bernardino shooting, which left 14 dead and 22 seriously injured, the company’s privacy-first approach has been experiencing a sort of baptism by fire.

Much debate has arisen around the encryption on San Bernardino shooter Syed Rizwan Farook’s iPhone 5C. Shortly after the shooting, the iCloud password associated with Farook’s phone was reset by a law enforcement officer attempting to gather information.

The snafu purportedly eliminated the opportunity for any information on the phone to auto backup onto the cloud when the device was used on a recognized Wi-Fi network. This information could have then been retrieved.

According to ABC News, the last time Farook’s phone had been backed up was Oct. 19, 2015 — a month and a half before the attack. According to court documents, this fact suggested, “Farook may have disabled the automatic iCloud backup function to hide evidence.”

Apple provided the FBI with the iCloud backups prior to Oct. 19. But the government wanted access to the phone, at least partially to discern if Farook had any terrorist ties. And, to get to it, the FBI asked Apple to reverse a feature that erases an iPhone’s data after 10 failed attempts to unlock it. If Apple did so, the government could use software to guess Farook’s passcode.

The FBI argued its reset of Farook’s password should not prevent Apple from honoring this request.

“It is unknown whether an additional iCloud backup of the phone after that date — if one had been technically possible — would have yielded any data,” the agency said in a statement. “Direct data extraction from an iOS device often provides more data than an iCloud backup contains.”

And, last week, a federal court ordered Apple to develop a custom iOS so the FBI could gain access to the phone. Apple is refusing to comply with the court order.

“Building a version of iOS that bypasses security in this way would undeniably create a backdoor,” CEO Tim Cook said in an open letter to Apple customers. “And while the government may argue that its use would be limited to this case, there is no way to guarantee such control.”

What’s at Stake

Consumer awareness around privacy and encryption has gained traction, following Edward Snowden’s revelations regarding the scope of government surveillance practices at the National Security Agency. Still, the public’s response to Apple’s current plight remains divided.

While some pundits, commentators and high-profile figures have argued the FBI should be able to access phone records in cases where national security may be at risk, others have come to Cook’s defense, arguing he is right to protect Apple customers. I, too, believe he is right to stand his ground here. In an environment where many companies would allow law enforcement to access private information, Apple is standing up for consumers and suggesting they can no longer tolerate routine incursions into their private lives — whether the so-called trespassers hail from the halls of government or invade in the interest of commerce.

To create an iOS or any other kind of backdoor into a personal device creates moral hazard. The potato chip theory applies to law enforcement and the erosion of the constitutional rights guaranteed to all U.S. citizens. One potato chip leads to another, and it’s hard to stop eating them. In the same way, one legal mulligan leads to another.

There has to be a point in the evolution of consumer privacy (or its disintegration) where we can no longer lower our standards as fast as our situation is deteriorating. When it comes to our privacy we really have to stand firm — and Tim Cook is doing that.

Executive Director of the Privacy and Big Data Institute at Ryerson University Ann Cavoukian long ago coined the phrase “Privacy by Design” to describe what’s starting to happen in the U.S. marketplace. Her theory was that consumers will start shopping for the best deals on their privacy — the less personal information required by a potential service or product, the more appealing it will be to the consumer.

So in that regard, the Justice Department is right to suggest, as it did last week, that Apple is trying to protect its “public brand marketing strategy.” But in this instance, the strategy is consumer advocacy — nothing more or less. Privacy is not a brand. It is a right. And, contrary to popular belief, it’s no longer particularly hard, either. Apple’s strategy is to provide a useable product that is safe — and protects users against a potential war on their privacy.

This story, which originally appeared as an Op/Ed contribution on Credit.com, does not necessarily represent the views of the company or its partners.

 

Filers beware: There’s a good chance there’s a tax scam email in your inbox.

According to the Internal Revenue Service, there’s been an approximate 400% surge in phishing and malware incidents so far this tax season. In other words, plenty of thieves are currently sending out texts and emails under the guise of the IRS or other tax industry players this year. These messages are an attempt to steal personal information or data related to your tax refunds, filing status, transcripts and/or PIN information either directly or through malware that gets downloaded onto your computer when you click on infected links. The information can be used to file false tax returns.

“Watch out for fraudsters slipping these official-looking emails into inboxes, trying to confuse people at the very time they work on their taxes,” IRS Commissioner John Koskinen said in a consumer alert re-issued earlier this week. “We urge people not to click on these emails.”

Tax Fraud on the Rise

The IRS’s findings aren’t exactly surprising. The agency announced earlier this year that it’s anticipating $21 billion in tax refund fraud this year. And, just this month, Intuit warned consumers that a fake TurboTax email was making the rounds. Still, the stats should inspire everyone to be a little more careful about what they click on this tax season. Per the agency’s latest consumer alert:

  • There were 1,026 incidents reported in January, up from 254 a year earlier.
  • The trend continued in February, nearly doubling the reported number of incidents compared to a year ago. In all, 363 incidents were reported from Feb. 1 to Feb. 16, compared to the 201 incidents reported for the entire month of February 2015.
  • This year’s 1,389 incidents have already topped the 2014 yearly total of 1,361, and they are halfway to matching the 2015 total of 2,748.

How to Spot a Tax Scam Email

Fortunately, there are a few simple ways to spot a tax scam email. For starters, be extremely skeptical of any emails purportedly from the IRS. The agency says it generally does not initiate contact with taxpayers by email regarding personal or financial information. Be similarly wary of emails that ask you to update important tax information by clicking on a link. (Recent scam emails the IRS has come across included subject lines referencing “Get my E-file Pin”, “Order a transcript” and “Get my IP Pin”.) And look for typos or misspellings in the body of the message — they’re a big sign something is amiss.

If you do receive a shady email, refrain from clicking on any link and, instead, forward it to phishing@irs.gov.

Remember, filing your taxes as early as possible is the best way to minimize the odds of falling victim to taxpayer identity theft. But, if you have reason to believe your personal information was compromised, you should keep an eye on your credit. A sudden drop in credit scores is a sign your identity has been stolen. You can monitor your standing by viewing your two free credit scores each month on Credit.com.

This article originally appeared on Credit.com.

 

Identity theft is the fastest growing crime and consumer complaint in America, and benefit industry experts say concerned employees are seeking protection as an employer perk more than ever. New regulatory certainty about how identity theft protection benefits are taxed could increase the popularity of the benefit as an employer offering. 

More than 13 million Americans fall victim to identity theft every year, which means every three seconds someone's identity is stolen. Increased concern about the crime has individuals clamoring for identity theft protection benefits. How that benefit would be taxed, however, had been a topic of some debate in the benefit industry, with some employers eager to offer the benefit but concerned about the impact on employee income taxes.

Just before the new year, the Internal Revenue Service announced some good news and cleared the confusion, further incenting employers to offer the perk to employees.

In its Dec. 30 announcement, the IRS said it will allow preferential tax treatment for employer-provided identity theft benefits, despite the absence of a data breach. Generally, all benefits provided to an employee by an employer must be treated as income, unless the Code provides an exclusion. Previous guidance from the IRS created an exclusion for identity protection services, but only after a breach and only for individuals whose personal information might have been compromised.

“Identity theft coverage is growing in popularity as an employee benefit and being requested by clients more now than it ever has in the past in light of recent data breaches.  Standalone ID theft and legal carriers are also enhancing the features of their plans and reducing the cost on the group market to meet market demand. The clarification from the IRS regarding the taxability of this benefit is only going to drive sales of this product even more,” says Heather Garbers, vice president of Voluntary Benefits & Technology for Hub International’s western region. “We project this to be our fastest growing product in 2016 due to these reasons.”

“We view identity theft as a threat that will likely affect all of us throughout our lives and identity theft coverage will be a key benefit to have to identify data breaches earlier and make the process to restore identities less of a burden on the employees taking them less time away from the workplace,” she adds.

The IRS’s latest announcement notes that several commenters requested guidance regarding the tax treatment of identity protection services provided before a data breach. According to the commenters, these services are being provided with increasing frequency in order to allow early detection of data breaches and minimize the impact of breaches when they occur. In response, the IRS has concluded that its previous guidance should be extended.

“The IRS will not assert that an individual must include in gross income the value of identity protection services provided by the individual’s employer or by another organization to which the individual provided personal information (for example, name, social security number, or banking or credit account numbers). Additionally, the IRS will not assert that an employer providing identity protection services to its employees must include the value of the identity protection services in the employees’ gross income and wages. The IRS also will not assert that these amounts must be reported on an information return (such as Form W-2 or Form 1099-MISC) filed with respect to such individuals,” the guidance states.

Any further guidance on the taxability of these benefits will be applied prospectively, it adds. “This guidance is welcome news for employers that want to offer identity protection services to employees as part of their data security strategy. They may now offer these services without increasing their (or their employees’) federal tax liability. However, employers should be mindful of state and/or local tax laws as they may differ from federal tax law,” according to Tzvia Feiertag, a senior associate in the Labor & Employment Law Department of the global law firm Proskauer.

The preferential tax treatment does not apply to cash received in lieu of identity protection services or to proceeds received under an existing identity theft insurance policy, the guidance says. 

Article By Melissa A. Winn From Employee Benefit News

January 20, 2016 Web Article

Expect more tax and child identity theft, and data breaches involving payment card systems.

Will cyber exposures subside in the new year? Highly unlikely, according to data security and privacy experts.

Trends to expect: an increase in tax and child identity theft, wire transfer fraud, and data breaches, particularly those involving payment card systems.

ThirdCertainty sat down with IDT911's Eduard Goodman, chief privacy officer, Brian Huntley, chief information security officer, and Victor Searcy, director of fraud operations, for their 2016 forecast.

Data transfers and children’s privacy

Goodman: U.S. companies with a European presence will encounter a tremendous amount of uncertainty in 2016 with respect to Europe’s stricter Safe Harbor data privacy rules, relating to the sensitive data transfers to businesses in the United States.

European regulators can be expected to harass the likes of Facebook and Google. And the threat of sanctions for noncompliance with Europe’s tougher Safe Harbor standards could easily filter down to many smaller companies, as well.

In another area, the recent hacking of toymaker VTech and Hello Kitty parent company SanrioTown.com signals that the theft of children’s information could become a worrisome new trend. As children attain earlier access to social media, smartphones and Web-enabled toys, details of their personal information and preferences are rapidly becoming part of the greater data ecosystem.

As a result, we will see more breaches that involve the theft of information for individuals under the age of 18. Hopefully, we also will see more public dialogue about the concept of preserving children’s privacy, whether it be school record data, health information, or data files containing images, video and audio recordings.

Wire fraud and politics

Huntley: In the coming year, fraud and theft will plague the merchant payments and ACH wire transfer systems. Small and medium-size businesses (SMBs) are especially vulnerable. If enough SMBs get victimized, it could result in a public outcry about the inherent vulnerabilities in these systems, especially as consumers and small business owners come to realize there are minimal regulatory protections in these types of cases.

This being an election year, U.S. presidential candidates will focus on cyber war strategy and armament. Armchair quarterbacking of the 2015 U.S.-China cybersecurity agreement will arise as the centerpiece of this debate. We could see the U.S.-China cyber accord ascend as the basis for peer agreements between other nation states.

Meanwhile, the search will continue in different industries for an information security control framework that is akin to what the financial services sector has in the Federal Financial Institutions Examination Council’s (FFIEC) Information Security Guidelines and the health care sector has in the Health Insurance Portability and Accountability Act (HIPAA) of 1996.

Taxpayers targeted—once again

Searcy: One of the most pervasive identity theft scams involves the filing of a faked federal tax return using an ill-gotten Social Security number (SSN). Sadly, this will continue to be true again in 2016.

In the 2010 and 2011 tax seasons, the Internal Revenue Service paid out $8.8 billion of taxpayer money to identity thieves. And statistics pulled from a sampling of customers assisted through IDT911’s Resolution Center in 2014 show a 120 percent increase in tax fraud victims in 2014 and a 134 percent increase in 2015.

We expect this number to grow again in 2016. It can take months for a victim to sort out the mess with the IRS. Worse, there is little stopping criminals from using a victim’s SSN and other personal information in other scams.

IDT911 shows that 16 percent of tax fraud victims also were victims of financial identity theft; 12 percent of customers experienced multiyear tax fraud; and 16 percent were victims of both federal and state tax fraud.

Byron V. Acohido is editor-in-chief of ThirdCertainty, where this article originally posted.

January 08, 2016

Every year at about this time, technology reporters typically recount the big computer crimes from the past 12 months and proclaim “The Year of the Hacker” or some such moniker. This year, it fits.

Two years ago, the Target hack ushered in a new era of credit card theft awareness and ultimately helped inspire a big change in the way Americans use plastic. But as we all know, theft of credit and debit card information has a limited impact on consumers (fraud liability generally falls to the merchant or financial institution, if reported in a timely fashion).

On the other hand, theft of Social Security numbers, health care data and even fingerprints, by the millions … well, that’s a much bigger big deal. And that’s what U.S. consumers faced in 2015.

Data theft has moved far beyond credit card fraud. Today, millions of Americans have to live with the fact that agents acting allegedly on behalf of a foreign government now hold their SSNs and fingerprints — identity markers that are difficult, if not impossible, to change. And loss of that data makes them vulnerable, potentially, forever. That’s the real story of 2015.

A More Personal Breach

“This year proved once again the breaches have become the third certainty in life because the bad guys have proven they are more persistent, creative and increasingly sophisticated than the good guys,” Adam Levin, co-founder of Credit.com and author of the new book Swiped, which chronicles the extent of the ID theft problem, said. “While consumers, government and business are more aware of the issues, there is still a lack of understanding as to what needs to be done, resistance to allocate the proper resources to do what needs to be done and countless legacy systems that impede our ability to do what needs to be done.”

The Identity Theft Resource Center says there were 750 announced data leaks in 2015, and all tallied, 178 million records were lost or stolen. Also a headline from 2015: hackers’ new focus on healthcare data. Nearly 122 million healthcare records were stolen during 264 reported breaches, the most of any industry, the ITRC says. Government records were the second most commonly stolen — 24 million in 59 leaks. Comparatively speaking, the 5 million records lost in 69 leaks by the financial industry seem small.

The year in hacking got off to a fast start, when health insurance provider Anthem Inc. revealed it had been hacked in early February. Ultimately, the firm said that up to 80 million consumers were impacted. There were plenty of reports blaming China for the attack. While hack “attribution” is often an inexact science and the FBI rarely makes its conclusions public, these wouldn’t be the final allegations against Chinese hackers.

Nor would it be the last major health data hack. A month after Anthem’s announcement, Premera Blue Cross revealed that hackers stole data on 11 million consumers. There were plenty of reports that the same hackers were involved in both incidents, meaning the Chinese government might have been involved, but again, the allegations were denied by China and clear evidence was never made public.

Then, the big one hit.

Hackers Hit Home

In June, the Office of Personnel Management — Uncle Sam’s Human Resources department — revealed it had been hacked and 4 million government employees were at risk. Later, the number was raised to 18 million. Then 21.5 million. And the at-risk pool was expanded to former government workers and potentially anyone who had been used as part of a federal employee background check. Stolen data ranged from Social Security numbers to security clearance information to, in 5.6 million cases, fingerprints. Once again, reports blamed Chinese hackers. Once again, the culprits remain at large.

The hacking incident dominated tech headlines for months, and the federal government is still notifying victims. Meanwhile, all these alleged China-led hacker attacks became a major topic of discussion when President Obama and Chinese President Xi Jinping met in September. The two world leaders announced the U.S. and China wouldn’t attack each other through the Internet, though many security firms are skeptical the announcement had any real impact.

It certainly had little impact on computer criminals trying to gain illegal access to large consumer databases. Only a few weeks later, in October, T-Mobile revealed that its credit check provider Experian had been hacked and 15 million consumers were put at risk.

Meanwhile, big numbers aren’t the only reason consumers should be concerned. Smaller hacks can have a bigger impact, depending on the data that’s been leaked. The IRS “Get Transcript” service was hacked this year, and eventually, the agency had to reveal in August that criminals accessed more than 300,000 taxpayers’ accounts. Given the focused nature of the attack and the precise data stolen – old tax returns – victims are at serious risk for full-blown identity attacks.

Also this summer, password-storing service LastPass announced that criminals had gained access to encrypted passwords belonging to potentially 7 million users. The thieves still faced the uphill battle of cracking the password file’s encryption, so the incident was not quite the disaster it sounded like at first. Still, consumers were told to change master passwords immediately, and were put on notice once again about the fragility of seemingly safe computer systems in the 21st century.

More Big Breaches Ahead?

No doubt, 2016 will bring even more cautionary tales.

“As breaches have become the third certainty in life and the identity theft that flows from them is the new norm, businesses and consumers need to follow the 3Ms: minimize the risk of exposure, monitor and manage the damage,” Levin said. “Business leaders need to shore up their cyber defenses by instituting data segmentation, encryption, employee training on security protocols and penetration testing. Consumers need to remain vigilant and adopt a culture of self-monitoring. They should check their accounts on a daily basis, sign up for transactional monitoring from their bank and use long and strong passwords that don’t repeat across accounts.”

Just about every consumer involved in all these hacks received some kind of free credit monitoring offer. They are always worth accepting, but it’s important to know that credit monitoring can offer only limited protection against identity theft. In the end, consumers are ultimately responsible for discovering ID theft themselves. The best way to do that is regular monitoring of credit reports through AnnualCreditReport.com and use of a free credit score tool like the one provided by Credit.com.

Article By Bob Sullivan. This article originally appeared on Credit.com.