Scams target elderly, mobile phone users and travelers

Molly Rosboch, a writer for the Yakima (Wash.) Herald-Republic newspaper, reported the following Medicare identity theft scam in the June 5 article, “Scammers ‘phishing’ for personal info pose as Medicare agents.” 

During the first week of June, Linda Badgley of Yakima received a telephone call from a woman who said she was a representative from Medicare. She told Badgley that the agency needed to send her a new card, but she first needed to verify Badgley’s personally identifiable information (PII). Badgley told the woman that she had previously contacted Medicare, and she knew this call was a scam. The caller quickly hung up.

Badgley was prepared for the bogus caller. Earlier, she had received a call from a man, who said he was from Medicare, who gave her the same pitch and requested her banking information. During both bogus calls, the scam artists already knew Badgley’s first and last name and her address.

Fraudsters have been very successful in the U.S. in foisting this scam on the elderly and robbing them of their money. Matt Serafini, in an article, “Medicare Phone Scams Continue Dogging Seniors Throughout 2013,” posted March 14 on the “ehealth Medicare” blog, reported the following:

“These cons are incredibly successful, costing taxpayers billions of dollars annually. … In these instances, fraudulent callers will attempt to trick their targets into divulging sensitive information. They may say that a new Medicare card has been mailed out, and then ask for your checking account number so Medicare can deposit funds directly into your account. Other phone calls will ask you to verify your Medicare number (which is also your Social Security number) so that you can be issued an ‘updated’ Medicare card. Another variation finds the caller stating that Medicare is ready to pay for medical supplies — an arthritis kit, for example — and requests your Social Security number for confirmation. No matter the scenario, the endgame is almost always the same: The caller is looking to gain access to your bank account, or steal your identity.”

Fraudsters target the elderly because they’re often lonely and trusting. They gather their victims’ PII before they call, work from a well-designed script and are empathetic and convincing.

Serafini offers the following advice in his blog posting to help protect the elderly:

• “The first thing to know is that Medicare will never call you. In the rare occasion that they may, they will never request sensitive information of you.”
• “Never carry your Medicare card in your wallet. Instead, keep it in a safe and secure spot where you’ll remember. If you have to carry your Medicare card on your person, make a copy of it and black out all but the last four digits with a marker. These cards do not expire. You are issued one as soon as you enroll and it never needs to be renewed. If you happen to lose it, contact Medicare directly in order to report a missing card.”
• “If you ever question the validity of a phone call, tell the caller you would like to call them back and ask for their direct number. This will usually make them hang up. A good rule of thumb is not to give out potentially sensitive information over the Internet, on the phone or to unsolicited strangers.”
• “Additionally, you may always contact the customer service number on the back of your Medicare card if you have any questions or concerns.”

FLOURISHING SCAMS REPORTED BY THE FBI

The FBI recently alerted law enforcement agencies and the public about several identity theft scams that continue to flourish.

Travelers’ laptop scam

The FBI reported that “Malware Installed on Travelers’ Laptops Through Software Updates on Hotel Internet Connections” on May 8, 2012. Fraudsters target you when you’re innocently setting up Internet connections on your laptop in your hotel room.

A pop-up window emerges on your screen telling you to update a well-known software product. However, don’t immediately click and accept the update because a malicious software could be installed on the laptop leading to potential loss of PII. The FBI recommends:

• All government, private industry, and academic personnel who travel abroad take extra caution before updating software products through their hotel Internet connections. 
• If the author or digital certificate of any prompted update doesn’t correspond to the software vendor it might reveal an attempted attack. 
• Update software on your laptop immediately before traveling. While traveling, only download software updates directly from software vendors’ websites. 
• If you think you’re a victim, contact the local FBI office and promptly report it to the Internet Crime Complaint Center (IC3). The IC3’s complaint database links complaints together to refer them to appropriate law enforcement agencies. It also uses complaint information to identify emerging trends and patterns.

Mobile phone scam

The FBI reported that “Smartphone Users Should be Aware of Malware Targeting Mobile Devices and Safety Measures to Help Avoid Compromise” on Oct. 10, 2012 after the Internet Crime Center sent it an alert.

The scam targets Android operating devices for mobile phones with different variants of the “Loozfon” and “FinFisher” malware programs, which leads to identity theft.

Fraudsters use Loozfon malware to trick individuals and steal their PII via advertisements for common work-at-home opportunity schemes that promise big profits for sending out emails to deliver their product.

When victims click on a link within the advertisement, they’re directed to a website that will embed the Loozfon malware on their devices; it then steals personal contact details from the victims’ address books and their telephone numbers.

The FinFisher malware transfers to a smartphone when a victim visits a specific web link or opens a bogus text message that’s pretending to be a system update. After it’s installed, this spyware is capable of taking over the components of any mobile device. A fraudster can remotely control and monitor the device anywhere the user takes it.

The FBI offers the following safety tips to protect your mobile device:

• When purchasing a smartphone, know the features of the device, including the default settings. Turn off features you don’t need to minimize the device’s “attack surface.” 
• The operating system may have encryption features to protect your personal data if you lose the device or it’s stolen.
• Read reviews of apps’ developers and publishers.
• Review and understand the permissions you’re giving when you download applications.
• Passcode protect your device — the first layer of physical security for its contents. Enable the screen lock to engage after a few minutes of inactivity.
• Obtain malware protection. Look for applications that specialize in antivirus or file integrity that help protect from rogue applications and malware.
• Be aware of apps that enable geo-location to pinpoint your location. Companies use them for marketing, but malicious actors can use them for stalking and theft. 
• Device owners sometimes use “jailbreak” or “rooting” to remove restrictions imposed by the device manufacturer or cell phone carrier. Users then have nearly unregulated control over programs and device operation. However, this hacking makes the device vulnerable and allows fraudsters to take full control.
• Don’t allow your device to connect to unknown wireless networks, which could be rogue access points that capture information passed between your device and a legitimate server.
• If you decide to sell or trade in your device, “wipe” it — reset it to factory default — so no personal data remains.
• Be sure to update your apps and firmware to decrease hacking and compromising possibilities. 
• Don’t click on links or download software from unknown sources.
• When using the Internet, use the same precautions on your mobile device as you would on your laptop or desktop computers when using the Internet.

TWO MORE TRAVEL SCAMS: ‘FAKE HOTEL WEBSITE’ and ‘I’LL KEEP THE ROOM’

The Scambusters website recently reported two scams.

In the “fake hotel website” fraud, cyber criminals set up online pages that advertise real or fictitious hotels (especially in China and Southeast Asia) to rob room deposits or credit card numbers from unsuspecting travelers.

Some of these sites also promote job scams at these hotels and bilk money out of applicants who pay an upfront fee for background checks or airfares.

Scambusters recommends the following:

• Book your hotel through a reputable travel site or agent. 
• If you plan to book direct, ensure you have the correct website address, and check out the hotel’s reputation with other users via travel networking sites like TripAdvisor.com. 
• Look for full street addresses and phone numbers and, if possible, phone to authenticate. 
• And, of course, never pay upfront for any kind of job application. 

In the “I’ll keep the room scam” cyber criminals take advantage of hotels’ rapid check-out service. Guests often now receive their invoices under their doors rather than at the desk. A fraudster, who has never showed his face to hotel desk personnel, roams the corridors looking for a vacant, unlocked and uncleaned room. He then masquerades as the previous occupant and calls the hotel desk to say he wants to stay for a few more days. Of course, the hotel charges the room to the previous occupant’s credit card.

Scambusters reports that “A man was recently arrested in Florida for allegedly doing this and living free for almost two years!” To avoid this scam, Scambusters recommends fully shutting your room door when you leave and return your card keys to the desk so they know you’ve really checked out.

MORE HELP FOR THE COMMUNITY

I hope you’ll share this information with your family, friends and clients and include it in your outreach programs. We must step up our efforts to educate the public on how to safeguard their personal information, which will reduce identity theft. Cyber criminals are using new and updated scams to trick consumers out of their resources. An educated community will help curb the damage.

Please contact me if you have any identity theft issues you’d like me to research and possibly include in future columns or if you have any questions related to this column or any other identity theft questions. I don’t have all the answers, but I’ll do my best. Stay tuned!