The Latest Government Imposter Scam

This week’s blog is adapted from a recent post by Consumer Education Specialist Lisa Lake on the FTC’s website OnGuardOnLine.


According to Lake, The Office of the Inspector General (OIG) for the Department of Health and Human Services (HHS) and the FTC are trying to get the word about a scam with scammers posing as federal employees trying to get or verify personal information.


Sometimes, the caller asks you to verify your name, and then just hangs up. Other times, he or she might ask for detailed information — like the last digits of your Social Security or bank account number. Imposters might say they need this information to help you or a family member. But their real reason is to steal from you or sell your information to other crooks.


Your caller ID might even read “HHS Tips” or “Federal Government” when they call. The phone number could have the “202” Washington, DC area code, the headquarters for many federal agencies. The phone number may even be for a real government agency. But don’t be fooled: Scammers know how to rig their caller Ids to reflect false information.


So how can you tell the caller is an imposter?

  • The federal government typically will contact you by U.S. Mail first, not by phone or email.
  • Federal agencies will not demand personal informationlike your Social Security Number or bank account number over the phone. Also, just because the caller knows details about you, doesn’t mean she is trustworthy.
  • The caller typically asks you to send money – often via wire transfer, by using a prepaid debit card, or maybe by sending you a fake check to cash. Federal agencies will notask you to use any of these methods to send money for any

…and what should you do?

  • Hang up. Do not give out any personal or financial information.
  • Contact the Department of Health and Human Services OIGat 1-800-HHS-TIPS (1-800-447-8477) or
  • File a complaint with the FTCat or 877-FTC-HELP.


For more on identity theft protection best practices please visit

Tis the Season for Identity Theft Protection

Many of us have the latest gadgets and “smart” appliances on our gift lists.  Many are now connected to the wonderful “Internet of Things”.  What I’m sure none of us have on our wish list is getting hacked.  Today’s blog is advice from Consumer Education Specialist Ari Lazarus from the Federal Trade Commission—the division of the Federal government that takes on the responsibility of consumer protection.


Today’s hackers are attacking a lot more than just computers. They’re going after ‘Internet of Things’ (IoT) products – like internet connected cameras and refrigerators and using them to create havoc on the internet.


In October, hackers used the “Mirai” malware to attack unsecured IoT devices, turning them into zombie computers to overwhelm and shut down popular websites including Netflix, Paypal and Twitter.


Attacks like that are more than just an inconvenience. They can put your information at risk. So what can you do to reduce the risk of compromise to your home network and smart products?

  • Be mindful of each question during the set up process—DO NOT JUST CLICK “NEXT”. Review the default settings carefully before making a selection, and use the security features for your device. If it allows you to set up a passcode lockout (“three strikes and you’re out”) and enable encryption, you can add a layer of protection to your device.
  • Like you do for your computer and smartphone, download the latest security updates. To be secure and effective, the software that comes with your device needs updates. Before you set up a new device, and periodically afterwards, visit the manufacturer’s website or the device’s settings menu to see if there’s a new version of the software available for download. To make sure you hear about the latest version, register your device with the manufacturer and sign up to get updates.
  • Be sure to create original passwords for each device. The manufacturer may have assigned your device a standard default password. Hackers know the default passwords, so change it to something more complex and secure.


At Legal Shred, we want to do everything we can to help make this year’s holiday season your best ever.  For more on identity theft best practices, please visit or

Keeping Scammers from Dimming Holiday Cheer

Form of payment is key.  If someone is asking you to pay with an iTunes or Amazon gift card or to wire money through Western Union or MoneyGram: Don’t do it. Scammers ask you to pay in ways that let them get the money fast — and make it nearly impossible for you to get it back. If you’re doing any holiday shopping online, know that credit cards have a lot of fraud protection built in.
A key way to spot imposters is understanding imposters pretend to be someone you trust to convince you to send money or personal information. They might say you qualified for a free government grant, but you have to pay a fee to get it. Or they might send phishing emails that seem to be from your bank asking you to “verify” your credit card or checking account number. Don’t buy it.
In the holiday spirit and taking advantage of tax benefits, it’s a big time of year to donate to charities.  To make sure your money is really getting to a real charity, research your chosen charities first.  Good resources for verification include Charity Navigator, Charity Watch, and Guide Star.
The holiday season is upon us–let’s make it the cheeriest ever.
For more on identity theft best practices please visit

Thankful for 2016

Going into the last weeks of 2016, we’d like to use this week’s blog to reflect on a great year.  On January 1, 2016 we announced our expansion into the Greater NY/NJ Metro market taking on the dba “Legal Shred”.  In April we solidified our presence with the acquisition of Stay Green and welcomed Joseph Ferguson to our team. A few months later we secured clients in Connecticut, Massachusetts, and NJ.

As we grow, our mission and core value remains the same.  Security, strong relationships, and accepting nothing less than the best from ourselves each and every service, each and every day, each and every week, each and every month…each and every year.  That’s how we roll.

We appreciate the continued support of so many clients who have now been with us since our first days in 2008 and each client we have serviced since–whether monthly, weekly, or just once.

We at Legal Shred are looking forward to helping with year end-clean outs as well as partnering with our existing and new clients to make their 2017 budgets manageable while ensuring top level data security including document destruction as well as hard drive destruction.

Already we have helped save over 20,000 trees and nearly 4000 cubic yards of landfill.

We always welcome feedback as to how we can improve our service–we look forward to hearing from you in these final weeks of 2016 and going into 2017.

For more information on the most secure and cost efficient document security solutions, please visit or call us 845 705 7279


Excellent Resource for Identity Theft Protection

Here’s what’s hot off the presses:

  • Identity Theft – What to Know, What to Do gives an overview of identity theft and steps to recover from it. If you’re teaching people in your community about avoiding and dealing with identity theft, this is the publication to order.
  • Identity Theft – A Recovery Plan, formerly Taking Charge: Fighting Back Against Identity Theft, is a comprehensive guide for victims of identity theft. This booklet includes to-do lists, forms, and sample letters – all of which you also can find right away at

All of these publications are available in bulk, free of charge, Be sure to read, download, order and share them!

We always welcome your feedback for whether you find our blogs useful.

For more information please visit or

Are You Making it Too Easy for Companies to Get Your Personal Information?

If you are getting calls or emails from companies you’ve never heard of and wondering how they got your name or number — or how they know what you’re interested in, the reason might be lead generation.

Today’s blog is meant to help you understand how they get your information in the first place:

Lead generation is when companies gather information that people submit, often from online forms or applications. Lead generators sell that information to other companies offering products or services those people might be interested in.

It’s your information getting collected and sold, and it might pass through a lot of hands along the way.

The upside is you might find out about products or services you’re interested in, and get deals you wouldn’t have heard about otherwise.

The downside is, even if you know you’re giving information to a lead generator — like a site that matches people seeking loans with lenders — you might not realize your info could be sold and resold. If it’s sold to anyone willing to pay for it, you might be contacted by all kinds of companies you’ve never heard of.

Sometimes, lead generation also results in deception or outright scams. Last year the FTC sued a company that got people’s information from online payday loan applications, then sold it to non-lenders who raided people’s credit and bank accounts for millions. In another case, a company settled charges that it used fake job ads to get leads for colleges and career training programs.

The key is–Before you fill out forms or applications on a site, find out more about the company — on the site itself, and by doing an online search for the company with words like “complaint” or “review.” How will they protect your information? And think long and hard before you give out your Social Security Number or bank or credit card information. In the wrong hands, they can lead to identity theft. If you think information you’ve already shared has been misused, report it right away to the FTC and local police.

For more on best practices in Identity theft protection, please visit or

Tips from Homeland Security for Identity Theft Protection

We use this blog to share valuable resources for best practices in Identity Theft Protection.  This entry is adapted from a blog by Andy Ozment an Assistant Secretary, Cybersecurity and Communications.

According to Ozment, most of us have developed a very close relationship with our mobile devices: we carry them with us throughout the day, check them frequently, and even sleep with them nearby at night. Although mobile devices allow us to instantly connect with friends and family, to access the internet, get directions, and make purchases, this increased convenience also comes at an increased risk. Many of these online activities require us to provide personal information such as our name, email address, account number, and credit card information. This puts us at an increased risk of having this information compromised by cyber criminals.

The Department of Homeland Security is encouraging all Americans to follow these simple steps to ensure the security of their personal information online:

To keep your private information private, avoid sharing your full name, address, and other personal information online. Frequently check a website’s privacy options to ensure you have enabled the highest level of privacy as options may get updated or changed completely

The old “when it doubt, throw it out” guide works in this case.  Links in emails, tweets, posts, and online advertisements are often how cybercriminals compromise your computer or mobile device. If it looks suspicious, it’s best to delete it, even if you know the source. If appropriate, mark the message as “junk email” so that future messages from the sender do not end up in your inbox.

Passwords are key–make them strong. Setting passwords that are long, unique, and hard to guess is one of the most important things you can do to protect your online accounts. Changing passwords regularly and using different passwords for different accounts goes a long way to protecting your online information.

For any vulnerable accounts, ask for protection beyond passwords. Many websites now offer additional ways for you verify your identity are before you conduct business on their sites, such as two-factor authentication.

The same pertains to your mobile devices–In order to prevent theft and unauthorized access, use a passcode to lock your mobile device and always lock it when it’s not in use. Never leave your mobile device unattended in a public place.

For more on best practices for identity theft protection, please visit and

FBI Urges Victims of Ransomware to Report Incidents

This week’s blog begins a several week series on Ransomware adapted from the Internet Crime Complaint Center. The mission of the Internet Crime Complaint Center is to provide the public with a reliable and convenient reporting mechanism to submit information to the Federal Bureau of Investigation concerning suspected Internet-facilitated criminal activity and to develop effective alliances with law enforcement and industry partners. Information is analyzed and disseminated for investigative and intelligence purposes to law enforcement and for public awareness.

In it’s most recent post, the FBI is urging victims of ransomware to report their experiences to federal law enforcement to help the Agency gain a more comprehensive view of the current threat and its impact on U.S. victims.

Ransomware is a type of malware installed on a computer or server that encrypts the files, making them inaccessible until a specified ransom is paid. Ransomware is typically installed when a user clicks on a malicious link, opens a file in an e-mail that installs the malware, or through drive-by downloads (which does not require user-initiation) from a compromised Web site.
Ransomware infections impact individual users and businesses regardless of size or industry by causing service disruptions, financial loss, and in some cases, permanent loss of valuable data. While ransomware infection statistics are often highlighted in the media and by computer security companies, it has been challenging for the FBI to ascertain the true number of ransomware victims as many infections go unreported to law enforcement.

The FBI is urging victims to report ransomware incidents regardless of the outcome. Victim reporting provides law enforcement with a greater understanding of the threat, provides justification for ransomware investigations, and contributes relevant information to ongoing ransomware cases. Knowing more about victims and their experiences with ransomware will help the FBI to determine who is behind the attacks and how they are identifying or targeting victims.

What to Report to Law Enforcement
The FBI is requesting victims reach out to their local FBI office and/or file a complaint with the Internet Crime Complaint Center, at, with the following ransomware infection details (as applicable):
1. Date of Infection
2. Ransomware Variant (identified on the ransom page or by the encrypted file extension)
3. Victim Company Information (industry type, business size, etc.)
4. How the Infection Occurred (link in e-mail, browsing the Internet, etc.)
5. Requested Ransom Amount
6. Actor’s Bitcoin Wallet Address (may be listed on the ransom page)
7. Ransom Amount Paid (if any)
8. Overall Losses Associated with a Ransomware Infection (including the ransom amount)
9. Victim Impact Statement

More on the impact of ransomware in upcoming weeks.

For more information on identity theft best practices, please visit

Defenses Against Smishing

This week’s blog is adapted from a recent blog posted by The Identity Theft Resource Center(ITRC).  The ITRC is a non-profit organization established to support victims of identity theft in resolving their cases, and to broaden public education and awareness in the understanding of identity theft, data breaches, cyber security, scams/fraud and privacy issues.

Hackers and scammers are top innovators.  They are finding new ways to attach data every day.  With every new platform, software, or app that comes out, someone invariably finds a way to use it to their advantage. The end result can be a breach in your personal security and a loss of your identity.

But with every new form of attack—spoofing, phishing, hacking, and more—the public has to learn about the threat and learn how to protect themselves from it. That’s why staying on top of a new form of security threat is critical to protecting yourself.

There’s a new form of security danger out there, and this one specifically targets your smartphone. Smishing, as the attack is called, uses the hackers’ old favorite—phishing, or sending out emails that entice you to click a link that actually downloads malicious software—to install a Trojan or virus on your phone. As its name implies, smishing comes from “SMS phishing,” as SMS is the acronym that applies to text messages.

Obviously, a smishing attack goes after your device via text message, and it happens when you get a message from an unknown number that offers you some sort of incentive. It might be telling you about a free offer, a coupon, something wrong with your account, or even more likely, it might claim that “your friend” has sent you a game request or message. Unfortunately, the weblink in the text will install malicious software on your phone once you press it.

Unlike viruses of the “olden days” that sought to lock up your computer or disable your files, smishing attacks generally don’t even want you to know they’re there. They want to exist inside your device and continue to feed information back to the hacker, information like your contacts list, your email address book, and any passwords you enter for apps or accounts you use.

While there are antivirus apps available for smartphones, it can be difficult to completely remove malicious software from a smartphone once it’s infected. Depending on the virus, the only available option may be to reset the phone to its factory settings, which will remove all of your content out of the phone. By far, the better option is to avoid installing this type of threat in the first place. Just remember the rule that goes for emails and social media messages, and apply the same smart practice to your mobile device: never click a link that you weren’t expecting.

For more on best practices for identity theft protection, please visit

Falling Prey to the Scammer Claiming to Help Recover from the Scam

The FTC’s Blog focusing on best practices for consumer’s to protect themselves from identity theft is a great resource.  This week’s blog is adapted from a recent post by Consumer Education Specialist Lisa Lake.

Even worse than losing money to a scammer is losing more money to another scammer claiming to help you recover from the first one.

Sadly, this really happens. It works like this: Con artists contact you because you’re on their lists of people who lost money to scams. For a “small fee” or “donation” upfront, they promise to recover the money you lost from a prize scheme, bogus product offer, or some other scam.

Sometimes, they try to get you to contact them by putting their offers of “help” in the comments section of blog posts or online articles about scams. Some crooks claim to be from a government agency to appear trustworthy. Others pretend to be actual victims who got (supposed) help from some (fake) agency or company.

But it’s all just a scam, too — another way for a scammer to profit from your loss. They’re after your money, and if you share your payment information, they’ve got it.

Here’s how you can avoid these recovery scams:

(1) Don’t pay upfront for a promise. Someone might ask you to pay in advance for things – like help with recovering from a scam. Consider it a no-go if they ask you for money before they provide any “help”.
(2) Make it a practice NOT to send money or give out personal information in response to an unexpected text, phone call, or email.
(3) Check references and credentials–Do online searches. Type the name or contact information into your favorite search engine with the term “complaint” or “scam.”  Ask for a reference.

If you do find you have been scammed, please file a complaint with the FTC.  It will help get the word out and quash it sooner than later.

For more on identity theft best practices, please visit