These are the latest scams and online threats you should understand and avoid to protect your sensitive personal and financial information.
YAHOO! Data Breach
Yahoo recently announced that 500 million of their accounts were hacked and are being sold by internet criminals. This is believed to be the largest ever publicly disclosed data breach by a company. Bad guys are going to use this information in a variety of ways. For instance, they will send phishing emails claiming you need to change your Yahoo account, looking just like the real ones. Here is you should do right away:
- Open your browser and go to Yahoo. Do not use a link in any email. Reset your password and make it a strong, complex password or rather a pass-phrase.
- If you were using that same password on multiple websites, you need to stop that right now. Doing so is an invitation to get hacked. If you did use your Yahoo passwords on other sites, go to those sites and change the password there too.
- Change the security questions and make the answers something that is not obvious. Security questions and answers were stolen too in this breach.
- Use a free password manager that can generate hard-to-hack passwords, keep and remember them for you.
- Watch out for any phishing emails that relate to Yahoo in any way and ask for information. Do not click on links or open attachments in the messages. The real Yahoo email does not ask you to click on links or contain attachments.
Now would also be a good time to use Yahoo Account Key, a simple authentication tool that eliminates the need to use a password altogether.
Scam of the Week - Fake Security Emails
There is a new scam you need to watch out for. In the last few years, online service providers like Google, Yahoo and Facebook have started to send emails to their users when there was a possible security risk, like a log-on to your account from an unknown computer.
Bad guys have copied these emails in the past, and tried to trick you into logging into a fake website they set up and steal your username and password. Now, however, they send these fake security emails with a 1-800 number that they claim you need to call immediately.
If you do, two things may happen:
1) You get to talk right away with a real internet criminal, usually with a foreign accent, that tries to scam you. They claim there is a problem with your computer, "fix" it, and ask for your credit card.
2) You get sent to voice mail and kept there until you hang up, but your phone number was put in a queue and the bad guys will call you and try the same scam.
Remember, if you get any emails that either promise something too good to be true, OR look like you need to prevent a negative consequence, Think Before You Click and in this case before you pick up the phone.
If you decide to call any vendor, go to their website and call the number listed there. Never use a phone number from any email you may have received. Here is a real example of such a call. Don’t fall for it! http://cdn2.hubspot.net/hubfs/241394/phone_phish.mp3
NCUA Warns of Text Phishing Scam
ALEXANDRIA, Va. (Aug. 23, 2016) – The National Credit Union Administration has received consumer calls about a suspicious text message claiming to come from the agency.
Learn more: https://www.ncua.gov/newsroom/Pages/NCUA-Warns-of-Text-Phishing-Scam.aspx
EMV (chip) Cards Phishing Scam
ALBANY, N.Y.—New York state officials here are warning consumers of a new phishing scam that involves EMV cards.
Scammers, pretending to be card issuers, are sending emails to individuals who haven't yet received their new chip cards, according to the New York State Division of Consumer Protection (DCP). The emails ask recipients to update their accounts by providing personal information in order to receive their new chip cards, or to click on a link to continue the process. By clicking on the link, malware can be installed on a computer or mobile device, CBS News reported.
Consumers who fall for such scams are also exposing themselves to identity theft. By compiling profiles on individual consumers, some scammers are able to open credit cards in their victims' names.
"The card issuer gets scammed into giving a new card with a line of credit in your name, and the criminal runs up the card by the time the issuer knows what's happening,” David Robertson, publisher of the Nilson Report, told CBS.
National Credit Union Administration (NCUA) Telephone Scam
The NCUA has issued a warning to consumers about a telephone scam in which a caller claims to work for NCUA and asks for personal and financial information. This is a SCAM. Do not give the caller any information.
Robocall Scam Targets Older New Yorkers
The New York State Office for Aging has been made aware of a new robocall scam that attempts to lure older New Yorkers into providing their personal information over the phone. The voice on the robocall identifies itself as the New York State Office for the Aging and asks the individual answering the phone to press a button if someone in the home is over 65 and would be interested in receiving a free Medic Alert pin and $3000 in coupons for food or other items.
This is a SCAM. The New York State Office for the Aging does not give away items, money or coupons and will NEVER solicit personal information over the phone.
If you receive a similar call, you should HANG UP IMMEDIATELY. Reports of financial scams should be reported to the Consumer Protection Division of the NYS Attorney General’s Office at 1-800-771-7755, the NYS Department of Financial Services at 1-800-697-1220 or the NYS Department of State (518) 474-8583.
Did someone call or message you about a problem with your account or credit card?
Empower will NEVER initiate a call asking you to provide an account or card number. This type of scam often includes statements that make you believe immediate action is required or your account will be blocked. This is a tactic used to make the potential victim feel rushed and provide information they otherwise would not provide. NEVER provide information in response to such questions. ALWAYS call us directly at 315.477.2200 if you have any concerns about your account.
For your security, Empower does partner with a third-party vendor that monitors card transactions 24/7. They may call on our behalf to verify a transaction if it appears out of the ordinary, but they will provide all the information to you. They will NEVER ask you for account or card information.