Do not open these emails or click on any links.  This email technique is known as “phishing” and is designed to steal your personal information.  Sometimes when you click on a phishing link, it will surreptitiously install malware on your computer that copies your keystrokes as you enter passwords. Sometimes, you will be directed to a site that seems to be the official site of the Better Business Bureau, your bank or even the Internal Revenue Service.  Then it will ask you for all kinds of personal information and steal your identity.

Click here for some tips from the Federal Trade Commission to help you avoid phishing and identity theft.

Other popular phishing emails have titles such as: Rejected ACH Transfer; Federal Tax Transfer Rejected; and Direct Deposit #123456 Declining.

It is essential  to have good anti-spam and anti-virus software, and if you don’t have an Information Technology department, you should investigate an IT consultant that will help you protect yourself and use best practices.

Related articles

• Malware: BBB “Complaint from your customers” and billycharge.com (wales4u.wordpress.com)
• Better Business Bureau Warns About Scam Emails (newyork.cbslocal.com)
• The Consumer Financial Protection Bureau and Other Ways to Submit Consumer Complaints (savings.com)
• Avoiding Identity Theft from Phishing Scams (turbotax.intuit.com)

Oh when will they ever learn?
(Pete Seeger – Where Have All the Flowers Gone, Copyright 1961 (renewed) Fall River Music Inc.

It seems that internet and social media titans Google and Facebook have once again, to no one’s surprise, gotten themselves in some hot water with the FTC and some privacy watchdogs again. They just can’t seem to get the hang of this “privacy” thing. Hence the start of this post.

Google has settled with the FTC over a little faux pas concerning its fabulously fizzled BUZZ service. Trying to combine the best of Facebook and Twitter, they announced BUZZ with typical Google style and fanfare, and just to be hip, they phrased their sign up options thusly:

“Sweet! Check out Buzz”

Or

“Nah, go to my inbox”

Minor problem: The “Sweet!” option gave less than a full and transparent statement of the degree to which users’ information would become public. In essence, Buzz capitalizes on all those emails you never deleted, scanning them for connections that you have or might want to make, or something like that. In other words, they use your private information to build a public social network. I’m sure they studied the 2009 Facebook Privacy policy fiasco in detail, but apparently concluded that Google and BUZZ were somehow “different” as in not subject to the same rules and regulations as their competitors. When folks started to realize that their private information was being shared far more than the casual “Sweet – Check out Buzz” message indicated, they were less than amused, but then, as they dug further they discovered that checking the “Nah” box did not have the effect one might have expected either. Notwithstanding a clearly checked “Nah” box, Google dutifully went right ahead and collected all sorts of information about the non-subscribers, perhaps with the thought that they would be pleased to see all that information stored and ready to go once they finally decided to join the flood of ecstatic BUZZ users, now measuring in the hundreds, or even thousands.

For its thoughtful and condescending violation of its users’ privacy expectations, Google was invited to discuss their philosophy of privacy with the FTC in court, leading to a proposed consent order that requires Google to submit to rigorous FTC audits for the next 20 years.

Facebook’s latest gaffe was to introduce its facial recognition capability as an “Opt Out” feature in June. Described by PC Magazine as “Creepy” and “terrifying,” Facebook’s tool works in the background scanning and analyzing the 200 million or more pictures uploaded every day by its 600 million users. By comparing faces in the pictures in its database with pictures in which your friends have “tagged” you, or you have tagged yourself, Facebook develops an incredibly powerful capability to analyze your movements, your activities, and your associations. Of course, by participating in Facebook in the first place, you already give them a lot of raw material, but this new tool goes one step farther. And it’s a big step.

Even if you opt out, how can you know whether Mr. Zuckerman’s elves won’t continue to analyze your photos with this capability. Or, having opted out, what if being tagged in one photo with one “suspect” and in another with a different “suspect” might provide a link that law enforcement officials would just about do anything to know. Did I say ‘suspect”? Sorry – I meant “subject.” Facebook is not a government agency of course. But then, what, if any, new surveillance capability has not eventually been commandeered by law enforcement, with or without a warrant? I’m not sure I would want to count on Facebook not to give up the goods if the FBI or Homeland Security brought enough pressure to bear. In fact, their privacy policy pretty much makes it a foregone conclusion:

6. How We Share Information

 

 Facebook is about sharing information with others — friends and people in your communities — while providing you with privacy settings that you can use to restrict other users from accessing some of your information. We share your information with third parties when we believe the sharing is permitted by you, reasonably necessary to offer our services, or when legally required to do so. For example:

……..

To respond to legal requests and prevent harm. We may disclose information pursuant to subpoenas, court orders, or other requests (including criminal and civil matters) if we have a good faith belief that the response is required by law. This may include respecting requests from jurisdictions outside of the United States where we have a good faith belief that the response is required by law under the local laws in that jurisdiction, apply to users from that jurisdiction, and are consistent with generally accepted international standards. We may also share information when we have a good faith belief it is necessary to prevent fraud or other illegal activity, to prevent imminent bodily harm, or to protect ourselves and you from people violating our Statement of Rights and Responsibilities. This may include sharing information with other companies, lawyers, courts or other government entities.

Time will tell whether Facebook and Google use these powerful capabilities for good or evil, but they are here to stay, and growing everyday. Even if there is little you can do to block their intrusive reach, you owe it to yourself to actually read the privacy policies of Facebook and any other site to which you submit personal information.

How carefully are you reading the Terms of Service and Privacy Policies of the online sites you frequent?

Do you wear seatbelts? Avoid raw eggs? Get a flu shot? In other words, do you behave in ways aimed at protecting your safety and your overall health? Now answer this: Do you have a password on your mobile phone? Do you tell your social networking sites where you are?

If so, you’re not as safety-conscious as you thought. You’re opening yourself up to a burgeoning world of cybercrime that is possible through mobile devices. And you are far from alone.

I collaborated with Norton and Javelin Strategy & Research on a piece of research called the Connected but Carelessstudy, which was released today, to figure out just how open Americans are leaving themselves to cyber crime. The survey of 1,000 Internet users pointed to three specific potential security gaps.

• Unprotected devices About one-third of the folks surveyed access the Internet via their mobile phone. And more than half of those do not have a password protecting the device. Think about what happens if you leave that phone in a cab. Not only does the person who find it have access to your entire contact list, he may be able to read emails that come from your bank, phone providers, and retailers you’ve made purchases from. Just like dumpster diving identity thieves are able to apply for credit in your name based on information they pull out of your trash or your mailbox, one who snags your phone could do the same.
• Your whereabouts. Changing your status or sending out a 140-character blast to reveal details about where you are — “In Jamaica and it’s 80 degrees. Lucky me!” or “Stuck in horrific traffic and won’t be home in time for Top Chef” – is akin to leaving a stack of newspapers in your driveway. You’re telling anyone who wants to rob your house that you’re a.) not there right now and b.) won’t be there for a while. Posting vacation pictures to your social networking site can do the exact same thing. In fact, the survey showed one-in-10 of people polled under the age of 35 had posted location-revealing information online within the hour of being surveyed. And that’s without the aid of geolocation technology that allows a website to know exactly where you are. Only 15% of those surveyed understood that concept well enough to explain it. 
• Password malaise. This may be the most frightening of all: 42% of the survey population never changes their passwords on social networking sites and 31% never changes them with their banks. As if that weren’t enough, many of those passwords are not strong enough to begin with. It’s amazing to me that even in this day and age, the most popular password – according to consumer advocate Herb Weisbaum – is, wait for it, 123456. C’mon. Your passwords should be 10 characters, a combination of letters and numbers that have absolutely nothing to do with your real life. (No pet names, child names, birthdays.) And you should change them every few months without fail. Why? Because 66% of consumers would rather have bedbugs than be a victim of cybercrime – which costs hundreds of dollars and takes a full month to unwind, on average. Changing a few simple behaviors can help.

If you believe you are the victim of identity theft, here are the Federal Trade Commission’s immediate steps. If your business handles personally identifying information, here are some guidelines for protecting that information.

How would you like to send this notice to your 450,000 customers, the state’s consumer protection agency and your shareholders?

CBS news recently bought four used copier machines to see what was on the hard drives. CBS then downloaded a forensic software program from the Internet to “read” the hard drives of the copiers:

The results were stunning: from the [Buffalo, NY police department] sex crimes unit there were detailed domestic violence complaints and a list of wanted sex offenders. On a second machine from the Buffalo Police Narcotics Unit we found a list of targets in a major drug raid.

The third machine, from a New York construction company, spit out design plans for a building near Ground Zero in Manhattan; 95 pages of pay stubs with names, addresses and social security numbers; and $40,000 in copied checks.

But it wasn’t until hitting “print” on the fourth machine – from Affinity Health Plan, a New York insurance company, that we obtained the most disturbing documents: 300 pages of individual medical records. They included everything from drug prescriptions, to blood test results, to a cancer diagnosis. A potentially serious breach of federal privacy law.

Although many copiers have features to encrypt or erase scanned images, they often are not used, leaving companies at risk of releasing confidential information. As a result of the CBS reporting, a New York insurance company had to notify its insured and regulators that it had potentially revealed customer medical records. Other companies are at risk.

The Federal Trade Commission, the federal consumer watchdog, is going to investigate security breaches of this sort. Here are some tips for dealing with data breaches. If your business has been hacked or otherwise released private information, contact your business attorney to determine if you have any mandatory reporting obligations.

And when you are replacing a copier or scanner, contact an IT professional to “scrub” the hard drive.

ECMC notified approximately 3.3 million people that their information may have been compromised and is offering to pay for a year of credit monitoring services for those affected.

These types of notices shake people up; they are unsure whether this information has been used or sold to scammers and they are equally unsure how to find the truth.

If you believe you are the victim of identity theft, here are the Federal Trade Commission’s immediate steps. If your business handles personally identifying information, here are some guidelines for protecting that information.

FTC Fraud Alert on Work From Home Scans (video)

The best advice I can give in evaluating business opportunities is:

• If it sounds too good to be true, it probably is. There are no easy ways to make money and there are no businesses with guaranteed results.
• This is a good time to have an attorney and accountant on your team to help you evaluate the opportunity.
• Ask for a disclosure document, which should be filed with either the FTC or the North Carolina Secretary of State. This will list company information, a list of previous purchasers of the opportunity and a list of lawsuits filed against the company.
• If there are any representations about earnings, get these in writing. This is usually a separate document from the disclosures.
• Interview previous purchasers in person, even if they work from home. Scam opportunities give you references who are part of the scam. You need to look them in the eye and evaluate their trustworthiness.
• Resist high-pressure sales tactics. Scammers will often say there are limited opportunities in your market, this offer is only good for a short time, there are other people who are serious and who won’t waste their time investigating. Does it really sound reasonable to respond to an internet ad, television ad or email, talk to someone for 30 minutes about your business and financial security, call some people recommended by this person, and write a check for $50,000?
• If you are suspicious, contact the FTC, the Secretary of State, the Better Business Bureau and research the company extensively online.

The fraudulent letters were sent out with what appears to be an SBA letterhead to small businesses across the country, advising recipients that they may be eligible for a tax rebate under the Economic Stimulus Act, and that SBA is assessing their eligibility for such a rebate. The letter asks the small business to provide the name of its bank and account number.

These letters have not been sent by or authorized by the SBA, and all small businesses are strongly advised not to respond to them.

The scheme is similar in many ways to e-mail scams often referred to as “phishing” that seek personal data and financial account information that enables another party to access and individual’s bank accounts or to engage in identity theft.

The SBA is working with the SBA Office of Inspector General to investigate this matter. The Office of Inspector General asks that anyone who receives such a letter report it to the OIG Fraud Line at 1 (800) 767-0385, or e-mail at OIGHotline@sba.gov.

It should be second nature by now, but here are some tips from the Federal Trade Commission to protect yourself against phishing:

• If you get an email or pop-up message that asks for personal or financial information, do not reply. And don’t click on the link in the message, either. Legitimate companies don’t ask for this information via email.
• Area codes can mislead. Some scammers send an email that appears to be from a legitimate business and ask you to call a phone number to update your account or access a “refund.” Because they use Voice Over Internet Protocol technology, the area code you call does not reflect where the scammers really are. If you need to reach an organization you do business with, call the number on your financial statements or on the back of your credit card. In any case, delete random emails that ask you to confirm or divulge your financial information.
• Use anti-virus and anti-spyware software, as well as a firewall, and update them all regularly. Some phishing emails contain software that can harm your computer or track your activities on the Internet without your knowledge.
• Don’t email personal or financial information. Email is not a secure method of transmitting personal information. If you initiate a transaction and want to provide your personal or financial information through an organization’s website, look for indicators that the site is secure, like a lock icon on the browser’s status bar or a URL for a website that begins “https:” (the “s” stands for “secure”). Unfortunately, no indicator is foolproof; some phishers have forged security icons.
• Review credit card and bank account statements as soon as you receive them to check for unauthorized charges. If your statement is late by more than a couple of days, call your credit card company or bank to confirm your billing address and account balances.
• Be cautious about opening any attachment or downloading any files from emails you receive, regardless of who sent them. These files can contain viruses or other software that can weaken your computer’s security.
• Forward spam that is phishing for information to spam@uce.gov and to the company, bank, or organization impersonated in the phishing email. Most organizations have information on their websites about where to report problems.
• If you believe you’ve been scammed, file your complaint at ftc.gov, and then visit the FTC’s Identity Theft website at www.consumer.gov/idtheft. Victims of phishing can become victims of identity theft. While you can’t entirely control whether you will become a victim of identity theft, you can take some steps to minimize your risk. If an identity thief is opening credit accounts in your name, these new accounts are likely to show up on your credit report. You may catch an incident early if you order a free copy of your credit report periodically from any of the three major credit bureaus. See www.annualcreditreport.com for details on ordering a free annual credit report.

Local economists and the likes of Business Week and CNBC have been telling us that Durham is better positioned economically than most areas to survive the recession because our main industries are higher education and medicine. In line with this thinking, foreclosure filings actually decreased in Durham County from 1,706 in 2007 to 1,678 in 2008.

Those statistics don’t matter, however, if you are facing foreclosure. If you are having trouble meeting your mortgage payments or other bills, here are a few tips:

1. Cut unnecessary expense and trim your spending.
2. Look for additional income (part-time job).
3. Stay in contact with your lender. Make what payments you can and be up front with them about your situation and ability to pay. Then do exactly what you said you would do.
4. Open your mail, even if you can’t pay all your bills. You need to know what is going on. The lender/creditor might have sent you information on programs it has to help folks in your situation.
5. Know your rights. Even though you are behind, you do should not be harrassed, threatend or cursed at. Here is the federal law that governs all debt collections.
6. Be very leery of organizations or companies that say they can re-negotiate your loan, or reduce your interest payments. Unfortunately, many of these companies are not legitimate, and will simply take your money without doing anything.