Category Archives: Data Security News

Tis the Season for Identity Theft Protection

Posted on by Judith

Many of us have the latest gadgets and “smart” appliances on our gift lists.  Many are now connected to the wonderful “Internet of Things”.  What I’m sure none of us have on our wish list is getting hacked.  Today’s blog is advice from Consumer Education Specialist Ari Lazarus from the Federal Trade Commission—the division of the Federal government that takes on the responsibility of consumer protection.

 

Today’s hackers are attacking a lot more than just computers. They’re going after ‘Internet of Things’ (IoT) products – like internet connected cameras and refrigerators and using them to create havoc on the internet.

 

In October, hackers used the “Mirai” malware to attack unsecured IoT devices, turning them into zombie computers to overwhelm and shut down popular websites including Netflix, Paypal and Twitter.

 

Attacks like that are more than just an inconvenience. They can put your information at risk. So what can you do to reduce the risk of compromise to your home network and smart products?

  • Be mindful of each question during the set up process—DO NOT JUST CLICK “NEXT”. Review the default settings carefully before making a selection, and use the security features for your device. If it allows you to set up a passcode lockout (“three strikes and you’re out”) and enable encryption, you can add a layer of protection to your device.
  • Like you do for your computer and smartphone, download the latest security updates. To be secure and effective, the software that comes with your device needs updates. Before you set up a new device, and periodically afterwards, visit the manufacturer’s website or the device’s settings menu to see if there’s a new version of the software available for download. To make sure you hear about the latest version, register your device with the manufacturer and sign up to get updates.
  • Be sure to create original passwords for each device. The manufacturer may have assigned your device a standard default password. Hackers know the default passwords, so change it to something more complex and secure.

 

At Legal Shred, we want to do everything we can to help make this year’s holiday season your best ever.  For more on identity theft best practices, please visit legalshred.com or hvshred.com

Keeping Scammers from Dimming Holiday Cheer

Posted on by Judith
The FTC’s recent blog post by Consumer Education Specialist Amy Hebert focuses on the timely topic of holiday shopping safely.
With meals to plan and gifts to buy, the last thing you need is to lose money to a scam. Here are three ways to avoid giving your hard-earned money to a scammer this holiday season.
Form of payment is key.  If someone is asking you to pay with an iTunes or Amazon gift card or to wire money through Western Union or MoneyGram: Don’t do it. Scammers ask you to pay in ways that let them get the money fast — and make it nearly impossible for you to get it back. If you’re doing any holiday shopping online, know that credit cards have a lot of fraud protection built in.
A key way to spot imposters is understanding imposters pretend to be someone you trust to convince you to send money or personal information. They might say you qualified for a free government grant, but you have to pay a fee to get it. Or they might send phishing emails that seem to be from your bank asking you to “verify” your credit card or checking account number. Don’t buy it.
In the holiday spirit and taking advantage of tax benefits, it’s a big time of year to donate to charities.  To make sure your money is really getting to a real charity, research your chosen charities first.  Good resources for verification include Charity Navigator, Charity Watch, and Guide Star.
The holiday season is upon us–let’s make it the cheeriest ever.
For more on identity theft best practices please visit www.hvshred.com

Thankful for 2016

Posted on by Judith

Going into the last weeks of 2016, we’d like to use this week’s blog to reflect on a great year.  On January 1, 2016 we announced our expansion into the Greater NY/NJ Metro market taking on the dba “Legal Shred”.  In April we solidified our presence with the acquisition of Stay Green and welcomed Joseph Ferguson to our team. A few months later we secured clients in Connecticut, Massachusetts, and NJ.

As we grow, our mission and core value remains the same.  Security, strong relationships, and accepting nothing less than the best from ourselves each and every service, each and every day, each and every week, each and every month…each and every year.  That’s how we roll.

We appreciate the continued support of so many clients who have now been with us since our first days in 2008 and each client we have serviced since–whether monthly, weekly, or just once.

We at Legal Shred are looking forward to helping with year end-clean outs as well as partnering with our existing and new clients to make their 2017 budgets manageable while ensuring top level data security including document destruction as well as hard drive destruction.

Already we have helped save over 20,000 trees and nearly 4000 cubic yards of landfill.

We always welcome feedback as to how we can improve our service–we look forward to hearing from you in these final weeks of 2016 and going into 2017.

For more information on the most secure and cost efficient document security solutions, please visit www.legalshred.com or call us 845 705 7279

THANK YOU!

Excellent Resource for Identity Theft Protection

Posted on by Judith

When we find a valuable resource we feel it is our duty to share it.  A recent post by Lisa Lake, a Consumer Education Specialist at the Federal Trade Commission is invaluable to help prevent as well as how to make it through an experience of identity theft.

The FTC has new and revised identity theft publications that reflect features that make it easier to report and recover from identity theft.

Here’s what’s hot off the presses:

  • Identity Theft – What to Know, What to Do gives an overview of identity theft and steps to recover from it. If you’re teaching people in your community about avoiding and dealing with identity theft, this is the publication to order.
  • Identity Theft – A Recovery Plan, formerly Taking Charge: Fighting Back Against Identity Theft, is a comprehensive guide for victims of identity theft. This booklet includes to-do lists, forms, and sample letters – all of which you also can find right away at IdentityTheft.gov.

All of these publications are available in bulk, free of charge, atFTC.gov/bulkorder. Be sure to read, download, order and share them!

We always welcome your feedback for whether you find our blogs useful.

For more information please visit www.hvshred.com or www.legalshred.com

Are You Making it Too Easy for Companies to Get Your Personal Information?

Posted on by Judith
A recent post by Amy Hebert Consumer Education Specialist, on the FTC blog is a good source for understanding how we are contributing to companies getting more personal information than we wish–leading to unwanted solicitations.

If you are getting calls or emails from companies you’ve never heard of and wondering how they got your name or number — or how they know what you’re interested in, the reason might be lead generation.

Today’s blog is meant to help you understand how they get your information in the first place:

Lead generation is when companies gather information that people submit, often from online forms or applications. Lead generators sell that information to other companies offering products or services those people might be interested in.

It’s your information getting collected and sold, and it might pass through a lot of hands along the way.

The upside is you might find out about products or services you’re interested in, and get deals you wouldn’t have heard about otherwise.

The downside is, even if you know you’re giving information to a lead generator — like a site that matches people seeking loans with lenders — you might not realize your info could be sold and resold. If it’s sold to anyone willing to pay for it, you might be contacted by all kinds of companies you’ve never heard of.

Sometimes, lead generation also results in deception or outright scams. Last year the FTC sued a company that got people’s information from online payday loan applications, then sold it to non-lenders who raided people’s credit and bank accounts for millions. In another case, a company settled charges that it used fake job ads to get leads for colleges and career training programs.

The key is–Before you fill out forms or applications on a site, find out more about the company — on the site itself, and by doing an online search for the company with words like “complaint” or “review.” How will they protect your information? And think long and hard before you give out your Social Security Number or bank or credit card information. In the wrong hands, they can lead to identity theft. If you think information you’ve already shared has been misused, report it right away to the FTC and local police.

For more on best practices in Identity theft protection, please visit www.hvshred.com or www.legalshred.com

Tips from Homeland Security for Identity Theft Protection

Posted on by Judith

We use this blog to share valuable resources for best practices in Identity Theft Protection.  This entry is adapted from a blog by Andy Ozment an Assistant Secretary, Cybersecurity and Communications.

According to Ozment, most of us have developed a very close relationship with our mobile devices: we carry them with us throughout the day, check them frequently, and even sleep with them nearby at night. Although mobile devices allow us to instantly connect with friends and family, to access the internet, get directions, and make purchases, this increased convenience also comes at an increased risk. Many of these online activities require us to provide personal information such as our name, email address, account number, and credit card information. This puts us at an increased risk of having this information compromised by cyber criminals.

The Department of Homeland Security is encouraging all Americans to follow these simple steps to ensure the security of their personal information online:

To keep your private information private, avoid sharing your full name, address, and other personal information online. Frequently check a website’s privacy options to ensure you have enabled the highest level of privacy as options may get updated or changed completely

The old “when it doubt, throw it out” guide works in this case.  Links in emails, tweets, posts, and online advertisements are often how cybercriminals compromise your computer or mobile device. If it looks suspicious, it’s best to delete it, even if you know the source. If appropriate, mark the message as “junk email” so that future messages from the sender do not end up in your inbox.

Passwords are key–make them strong. Setting passwords that are long, unique, and hard to guess is one of the most important things you can do to protect your online accounts. Changing passwords regularly and using different passwords for different accounts goes a long way to protecting your online information.

For any vulnerable accounts, ask for protection beyond passwords. Many websites now offer additional ways for you verify your identity are before you conduct business on their sites, such as two-factor authentication.

The same pertains to your mobile devices–In order to prevent theft and unauthorized access, use a passcode to lock your mobile device and always lock it when it’s not in use. Never leave your mobile device unattended in a public place.

For more on best practices for identity theft protection, please visit www.hvshred.com and www.legalshred.com

FBI Urges Victims of Ransomware to Report Incidents

Posted on by Judith

This week’s blog begins a several week series on Ransomware adapted from the Internet Crime Complaint Center. The mission of the Internet Crime Complaint Center is to provide the public with a reliable and convenient reporting mechanism to submit information to the Federal Bureau of Investigation concerning suspected Internet-facilitated criminal activity and to develop effective alliances with law enforcement and industry partners. Information is analyzed and disseminated for investigative and intelligence purposes to law enforcement and for public awareness.

In it’s most recent post, the FBI is urging victims of ransomware to report their experiences to federal law enforcement to help the Agency gain a more comprehensive view of the current threat and its impact on U.S. victims.

Ransomware is a type of malware installed on a computer or server that encrypts the files, making them inaccessible until a specified ransom is paid. Ransomware is typically installed when a user clicks on a malicious link, opens a file in an e-mail that installs the malware, or through drive-by downloads (which does not require user-initiation) from a compromised Web site.
Ransomware infections impact individual users and businesses regardless of size or industry by causing service disruptions, financial loss, and in some cases, permanent loss of valuable data. While ransomware infection statistics are often highlighted in the media and by computer security companies, it has been challenging for the FBI to ascertain the true number of ransomware victims as many infections go unreported to law enforcement.

The FBI is urging victims to report ransomware incidents regardless of the outcome. Victim reporting provides law enforcement with a greater understanding of the threat, provides justification for ransomware investigations, and contributes relevant information to ongoing ransomware cases. Knowing more about victims and their experiences with ransomware will help the FBI to determine who is behind the attacks and how they are identifying or targeting victims.

What to Report to Law Enforcement
The FBI is requesting victims reach out to their local FBI office and/or file a complaint with the Internet Crime Complaint Center, at www.IC3.gov, with the following ransomware infection details (as applicable):
1. Date of Infection
2. Ransomware Variant (identified on the ransom page or by the encrypted file extension)
3. Victim Company Information (industry type, business size, etc.)
4. How the Infection Occurred (link in e-mail, browsing the Internet, etc.)
5. Requested Ransom Amount
6. Actor’s Bitcoin Wallet Address (may be listed on the ransom page)
7. Ransom Amount Paid (if any)
8. Overall Losses Associated with a Ransomware Infection (including the ransom amount)
9. Victim Impact Statement

More on the impact of ransomware in upcoming weeks.

For more information on identity theft best practices, please visit www.legalshred.com

Another Attempt to Use IRS to Scam

Posted on by Judith

This week we again adapt a post from a favorite resource–The FTC Identity Theft Blog.  In a September 1st blog, Andrew Johnson Division of Consumer and Business Education warns about the latest scammers posing as IRS agents calling with an issue.

Johnson’s advice–Don’t panic. And don’t return the call. It’s a scam.

Here are a few facts about the IRS to keep in mind if you get a similar call:

(1) If the IRS needs to contact you, they’ll do it by mail first.
(2) The IRS won’t demand personal information like credit card or Social Security numbers over the phone.
(3) The IRS won’t threaten to arrest or sue you, or demand that you pay right away.

(4)The IRS also won’t tell you to use a specific form of payment like a money transfer from MoneyGram or Western Union, a cash reload from MoneyPak or Reloadit, or a gift card from iTunes or Amazon. Scammers ask you to use those ways to pay because they’re hard to track or cancel payments.

If you or someone you know receives a call like this, report it the FTC and the Treasury Inspector General for Tax Administration (TIGTA). Include the caller’s phone number, along with any details you have. If you’re not sure whether a call is really from the IRS, you can double-check by calling the IRS directly at 1-800-829-1040. For more, check out this IRS imposter scams infographic.

Share with friends and family. They may get the call next.

For more on best practices to deter Identity theft, please visit www.legalshred.com

Tips To Avoid Medical Identity Theft

Posted on by Judith

The recent issue of Consumer Reports provided valuable tips on Medical Identity Theft.  According to the Ponemon Institute, a private security research firm, an estimated 481,657 new cases of medical identity theft were reported between 2013 and 2014, an increase of almost 22 percent.

To lower your risk, here are a few tips:

(1) Get copies of your medical records and add new information each time you receive treatment.  If your records are corrupted by a thief, you’ll have proof they were altered.

(2) Check your medical records at least once annually.

(3) Read every explanation of benefits (EOB).  If you notice anything fishy, call about it right away.

(4) Be careful with your Social Security Numer and Insurance ID number.  Only share when absolutely necessary.

(5) Never share your health data or personal information over the phone or via email unless you’re sure who you are communicating with.

(6) Ask your healthcare providers how they safeguard your information.

For more on identity theft protection best practices please visit www.legalshred.com

Be Mindful of Back to School Scams

Posted on by Judith

This week’s blog is adapted from a great resource we recommend–The Identity Theft Resource Center.  The days are getting shorter and Labor Day is 2 weeks away, so we turn our attention to the start of a new school year as a very busy time for both students and families and a perfect time for scammers to catch us off guard. With so much to do—registration forms, back to school supply shopping, even moving into a college dorm or apartment—it’s easy for something less than honest to slip in.

For younger students, one of the main culprits at this time of year is identity theft. Child identity theft has been rising steadily in the past few years because their credit scores are “clean slates,” and most parents never think to check their kids’ credit reports for signs of unusual activity. At the same time, everywhere you look, someone is requesting your child’s Social Security number, whether it’s a doctor’s office for a school checkup, a sports physical form for activities, or even the registration forms for the school itself.

No matter who is requesting your child’s personal identifiable information, you have to stop and ask yourself some key questions. Why do they need the SSN? How will they safeguard it, and who else can see it? How will it be stored so that no one in the school or doctor’s office can access it? If you don’t get solid information on those questions, think twice about handing it over.

Many of the back to school scams actually target older students, though, simply because they’re an easy target. College students who’ve left home for the first time might not be as prepared to spot a fraud attempt, and they have very specific needs now that they’re on their own. Scammers are prepared to act in a variety of ways, including:

  1. Work from home scams – College students are often broke, but with limited time on their hands and the demands of an academic schedule to shoulder, work from home opportunities might sound ideal. But most of these offers are not genuine. It’s that old “if it sounds too good to be true, it probably is”.
  1. Textbook rental scams – As sad as it is to say, there are people waiting to steal money from students who already don’t have much to spare. One prime example are textbook rental scams. These scams work because many schools and retailers do offer the option to pay to use your textbooks instead of buying them at full cost. Unfortunately, there are also scammers who set up fake websites or send out mailers, offering you every possible textbook but requiring a “registration fee,” money to secure the rental, or some other plausible fee.
  1. Online selling scams – Websites like eBay and Craig’s List are very helpful when it comes to buying or selling items that you no longer need. Unfortunately, there are a lot of scammers ready to cash in on the fact that college students might have a sudden need for an entire household of products: furniture, a bicycle to get around campus, a refrigerator for the dorm, and more.

Whenever you’re shopping through a legitimate used goods or direct-buy website or app, do your homework, be smart about your physical safety, and make sure you’re not being scammed. Never pay up front for the items or via money transfer, and only meet the seller in a public location; if in doubt about the offer, walk away.

No matter what time of year it is–the message is we need to stay on guard.

For more on identity theft protection, please visit www.legalshred.com