Posted on

REDUCING  YOUR  RISK

By Lloyd Kenney

This article will provide tips on reducing your risk of being victimized by some of the more common identity theft, fraud, and scam activities used by criminals.

1.   Minimize the personal information you give away and reduce access to it.  Review legislation in your area to determine what steps businesses and organizations are supposed to use in collecting, securing, using, and disclosing your personal information.

2.   Don’t provide personal information to strangers via phone, e-mail, fake websites, pop-up windows, text, or solicitations. Legitimate businesses and organizations will not solicit personal information through those communication systems.  If in doubt, call the organization directly to verify the request.

3.   Carry important documents only when necessary (especially birth certificate and S.S.N. /S.I.N.).  Never carry such items with you unless they will be needed where you’re going. Photocopy the contents of your wallet or purse.  This would provide the documentation to rebuild your identity if your wallet or purse is lost or stolen.

4   Limit personal information on social media.  Sharing information with friends is dangerous because it could then be shared inadvertently with their friends and then with the friend’s friends, etc.   Never answer questions on social media; you may be answering the same questions as were used for security questions  

5.  Monitor all your accounts monthly, including billing cycles.  Criminals may find out which credit cards you use, then send “Change of Address” cards to your credit card company.  Your next statement is then mailed to the criminals.  They learn much from looking at your statement.  Monitor statements for fraudulent transactions – check each statement line by line.  Check with your credit card company to confirm how many days you have to report fraudulent charges.

6.  Don’t exchange information by texting.  A criminal may be using a stolen cell phone to text you for personal information.  Never provide texted information without phoning to confirm the request and who is requesting it.

7. Exercise caution online; open only recognizable attachments.  Never click on an attachment from an unknown source or from anyone you don’t know and trust.  Never click on a pop-up window.  Always verify the necessary website, then go to the site  – don’t reply when they contact you.  Take note of the sending e-mail address; if it isn’t shown on the screen, hover the cursor over the sender and the e-mail address should be shown.

8. Don’t access websites through “Links”. Always phone for the exact website address, then key it directly into the Address Line.  Exchange information only when you go to the site, never when the site comes to you. Keying  a website into the “Search Line” will give you multiple pages of options, some of which are likely fraudulent

9. Take special precautions with (RFID) Radio Frequency Identification Cards – use metal wallets and be wary of Pin Pads.  Criminals use scanners to capture your credit card number as they walk past you or stand next to you.  Cell phones are now available with heat-sensitive cameras to photograph a pin pad immediately after you enter your number – they now have your PIN  to go along with the card number they just scanned.  Enter your PIN with a pen or hold your hand over the PIN pad to warm all numbers.

10. Don’t use remote entry for locking vehicles in urban areas.  The radio signal used to lock your vehicle can be captured by a criminal’s receiver, to unlock the vehicle when you are out of sight.   Lock the vehicle by pressing the button on the door.

11.  Keep key fobs in metal wallets or containers.  Radio signal amplifiers are now available to activate the signal between your key and your vehicle when the key is in your pocket or purse up to 300 feet from the vehicle.  A metal wallet or container will prevent a radio signal transmission. 

12.  Clear or destroy photocopier hard drives.  Most large commercial copiers and many home models made since 2002 have hard drives which capture every document copied or scanned.  Destroy the hard drive or have a technician over-write everything on it before you sell or trade it.  Overwriting may be your only option with a leased machine – check with the supplier.

13. In cases of death, notify financial and credit reporting institutions before printing obituaries.  Criminals set up fake companies and send invoices to individuals named in obituaries dated a few days before the death.  Executors and administrators may pay the invoices, thinking they are legitimate.

14. Be wary of cell phone apps.  Most flashlight apps are malware.  We recommend downloading any apps only from Google Store or Apple Store to minimize the risk.  Many apps have software to capture contact and banking information, activate the camera or microphone, identify GPS locations at any time, etc.

15. Be vigilant when talking to vulnerable friends and relatives who may be lonely or depressed – they may become victims of Romance Fraud. This fraud is usually an online relationship where the couple never meets in person. Ultimately, one party begins to request money from the other. Many victims feel too ashamed or embarrassed to report the fraud

16.  Citizens tend to be very afraid of the tax man.  The IRS or CRA does not request payment through phone calls or e-mails; they do not ask for payment using I-Tunes gift cards.  The newest approaches, starting in 2018, are for the victim to withdraw cash, then go to a Bitcoin terminal and pay the scammers in Bitcoin. Always contact the IRS (Internal Revenue Service) or CRA (Canada Revenue Agency) to verify the legitimacy of any request.  

17.  Be aware of the security risk of appliances and devices remotely controlled.  This is the Internet of Things.  (IoT)  Technology, such as Home Automation, now has all that information and access available for internet hacking.  1.5 billion devices were attacked in only 6 months according to research by Kaspersky. The most common targets are routers and cameras.  Change passwords and double-check security systems – keep them updated.

18.  Synthetic Identity is now one of the most popular criminal activities.  A criminal may buy parts of your identity on the Black Market, then combine it with parts of their own or another stolen identity to create a completely new “synthetic” identity.  The new identity is synthetic, but the elements are from real people, not fictitious – very difficult to trace. 

19.  Don’t be a victim of any of the dozens of telephone scams. The caller may say you owe taxes; they may advise you that you have won a lottery, but must pay insurance and taxes before receiving the prize; they may say they are with your credit card security and request information; they may say they are from your bank and want to update your account and security information. They may say they are from Microsoft or Windows and advise that you have malware on your device, which they can remove – for a price. Never respond when they contact you!

20.  Criminals are setting up websites and accounts that look legitimate for any natural disaster, fire, special charity, or government assistance program. Participating in any way may jeopardize your personal information, your finances, or both. Always contact the legitimate organization directly yourself, never through any solicitation.

21. Malvertising – a new tactic where scammers are using websites that use similar logos, marketing style, and color as those of well-known businesses such as Amazon, Walmart, Wayfair, etc., to advertise products and services. When you click on the site, it automatically downloads malware, hence the term “Malvertising”.

22.  Artificial Intelligence is now able to copy the human voice – that means your friends and relatives. Never accept a voice request without ending the conversation. Return the call to your known contact to confirm the legitimacy of that request. Huge risks here with social media hacking!

Don’t be a victim of a fraud or scam:

Remember that legitimate organizations rarely ask for personal information or payment via phone call, e-mail, or text. They will not ask for payment by any form of gift card or Bitcoin; they will not ask that payment be made in a few hours. Never provide personal information, money, or access to money (credit card or banking information) when they contact you – in person, by phone, text, e-mail, pop-up window, or social media. Always verify the legitimacy of the request, preferably by third-party verification before continuing the communication. Report all fraudulent activity to police and government agencies.

Future articles will discuss a variety of identity theft, fraud and scams,  along with ways to recognize them to prevent being victimized. Follow me here on Medium to learn more.

Lloyd Kenney has more than 50 years of experience in business operations, sales and marketing; he has presented over 240 “Identity Theft, Fraud & Scam” seminars supporting individuals and organizations in reducing their risk of being victimized. Kenney is a Performance Management expert who provides consultations and workshops on performance management. He is also the author of Performance Management: Hiring, coaching and retaining high performance, superior employees for small businesses. You can follow Lloyd Kenney on LinkedIn and  Facebook.   Visit www.performanceplanning.ca

Posted on

Tax Return Scams

This topic can make news headlines any time, but during spring tax season they are very common.  In the past, there were frequent reports of the FBI (Federal Bureau of Investigation) and RCMP (Royal Canadian Mounted Police)  working with police in India to shut down call centers active in these scams.  Police in India recognized that there are many such illegal call centers and they will continue conducting raids.  Dozens of these call centers operate in several cities in India and it is believed that some may be operating with police approval since bribery is a common way to avoid scrutiny.

Recovering money will be difficult because some of the payments are processed through offshore intermediaries to insulate the scammers.  These intermediaries may be pocketing as much as 40% of the total amount, according to Indian police.

Police are emphasizing that prevention is likely the best approach because criminals will continue to create scamming techniques as long as there are willing victims. People seem to have a substantial fear of the tax man!

Just remember that the IRS (Internal Revenue Service) and CRA (Canada Revenue Agency) will not request payments by gift cards, e-mail, internet link, text, or bitcoin.  They won’t demand payment in hours or threaten immediate arrest.  When in doubt, simply contact the IRS or CRA directly, or call the police. 

Tax season is an opportune time for scammers to impersonate the tax authorities.  In this post, we will provide information regarding tax scams via e-mail.  This includes what you should recognize and what you should do.

            An e-mail or text message is sent from someone pretending to be with the IRS or CRA, claiming:

  • that your tax calculation has been completed, and you will receive a tax refund by going through a link and submitting the information
  • that you or your company is being accused of participating in tax evasion schemes
  • that several discrepancies have been found with your filed taxes which need to be revised
  • that you’ve received an e-transfer from the IRS or CRA for what appears to be a tax refund
  • that an “investigation” has been started on your IRS or CRA claim

Reject it: How can I protect myself or my loved ones?

  • Hang up immediately if there’s anything suspicious or unprofessional about the call – the IRS or CRA will never threaten you with immediate arrest, use abusive language, or send police.
  • The IRS or CRA will never request payment by online currency such as Bitcoin, or pre-paid gift cards such as iTunes, Home Depot, etc.
    • The IRS and CRA accepted methods of payment are online banking, debit card, credit card, or PayPal through a third-party service provider, and pre-authorized debit. Call IRS or CRA to verify.
  • Do not click on any link in an e-mail pretending to be from the IRS or CRA – they will never ask you to click on any link to get a refund or to collect personal or financial information.
    • The only time they will send an e-mail that contains links is if a taxpayer calls them to ask for a form or a link to specific information. An IRS or CRA agent will send the information to the taxpayer’s email during the telephone call – this is the ONLY exception to the above rule!
  • The IRS or CRA never sends out text messages. Any text message from them is a scam.
  • Young people are often the most at risk for this scam, particularly when filing their taxes for the first time. Make sure your family and friends are educated on what tax authorities will and will not ask for during tax season.

Report it:  How should I respond?

  • If you are not sure if a message is from the IRS or CRA, confirm your tax status with them online through a secure portal such as My Account or by calling them directly.
  • Report the scam to your local police if you paid money (this includes purchasing pre-paid credit cards, gift cards, or online currency such as Bitcoin).
  • If you sent money or shared financial information, report it to the financial institution used e.g. your bank, Western Union, or MoneyGram.
  • If your Social Security or Social Insurance Number has also been stolen, contact authorities immediately

    The tax scam has been a topic in our Identity Theft, Fraud, and Scam seminars for several years and we’ve discussed such criminal activity in previous posts on LinkedIn and Facebook.  At last, we have some good news!  Police announced on Feb. 14, 2020, they had arrested 2 people in Ontario who were involved in the scam.  The arrests were made on Feb. 12, 2020, with another arrest warrant issued for an individual who they believe is now in India.

    Some interesting facts regarding these crimes and the criminal organizations:

    –  Most are originating in India; 39 call centers in India have been shut down.                                                      

    –  The same criminal organization was also involved in the Bank Inspector Scam and the Tech Support Scam.  Many of you have no doubt received a phone call saying that they are from Windows or Microsoft and have identified a problem with your computer that they can fix if they can have access to your computer online.                                                                                                  

    –  The investigation is continuing to find more “money mules” – people in the U.S. and Canada who are laundering the money and coordinating the transfer of the funds to India.

    • Every year, tax scams are popular with criminals.  While work by investigators has reduced the dollar losses, there are still criminal organizations and many lone scammers who take advantage of the fact that many taxpayers fear the taxman!  Here are some of their tactics:

    (Note that these are usually phone calls, but don’t rule out text messages or e-mails.)

    1.  A message suggesting that your SSN or SIN has been compromised. They know the IRS or CRA has your Number, so they use that to convince you to work with them to fix a “problem”.

    2.  They tell you there is some outstanding legal action against you, but they assure you they can help resolve the problem.

    3.  The most common scam in the past has been that you owe back taxes.  Victims are often those who may have a spouse who passed away and the scammer can indicate that the spouse owed the taxes. However, they may simply say you owe them and they will have a very convincing story.

    4.  You are told that your name, or part of your personal information, is linked to a crime. Of course, they will have plans to get you out of the jam, but always at a price.

    5.  They usually insist you take quick action and threaten that if you don’t, you may be arrested, fined, or deported.

    • There may be many variations of those scenarios, based on whatever has worked best for the scammer in the past.

    My usual, simple advice:  Never provide information, money, or access to money when they contact you – EVER!  Do that only after you have independently verified both the legitimacy of the caller and the topic.

    Future articles will discuss a variety of identity theft, fraud, and scams,  along with ways to recognize them to prevent being victimized. Follow me here on Medium to learn more.

    Lloyd Kenney has more than 50 years of experience in business operations, sales, and marketing; he has presented over 230 “Identity Theft, Fraud & Scam” seminars supporting individuals and organizations in reducing their risk of being victimized. Kenney is a Performance Management expert who provides consultations and workshops on performance management. He is also the author of Performance Management: Hiring, coaching, and retaining high-performance, superior employees for small businesses. You can follow Lloyd Kenney on LinkedIn and Facebook.