Back to School: College Students at Risk

Just as college students begin to hit the books, scammers and hackers are ready to steal their information and money. If you know a student, learn about the following scams so you can help:

Tuition Scam: Fraudsters call or email college students tricking them into believing that their tuition was not fully paid. They then threaten them with being dropped from classes if they don’t pay the owed amount.

Common ways scammers trick students into believing their tuition was not paid are a bounced check, scholarship cancellation, or the fact that loan payments never made it to the school. They will then persuade students to wire money to an account.

If a college student is being contacted about a suspicious bill they should go directly to the college office that deals with tuition payments to see if there is any truth behind the call or email.

College Student

Housing Scams: Scammers know that college students have just gained a new form of independence. They will target students looking for housing by posting online advertisements. Scammers are hoping that a student will wire a deposit to claim the housing before visiting the place. The student is then shocked when they arrive to the “claimed” or paid housing, to find out that it does not exist, or was never on the market in the first place.

College students need to visit any housing they are considering before giving away sensitive information or money. If they are out of state, they should have a trusted friend visit in their place to ensure the legitimacy of the advertisement or work with a reputable real-estate agency.

Scholarships: Thieves know that college students are looking to make college inexpensive. Targeting students that are actively searching for scholarships, scammers trick students into paying for information about a “scholarship” or for an application fee. In reality, they are getting the college student to supply their banking information for a quick payout.

Students seeking scholarships should research the legitimacy of the scholarship before giving away personal information and should not have to pay to apply. Keep in mind scholarships have selection parameters (i.e. high GPA, school year, etc.), so if a scholarship seems to be approved for everyone, be on alert.

Fake Job Offers: Scammers target excited and eager students looking for employment. They post fake job offers online waiting for young adults to provide sensitive information in hopes of landing their dream job.

Legitimate job offers will not ask for banking information or utility bills without an interview first. Scammers may ask college students to pay for specific software requirements, credit reports, or training sessions via wire transfers. Legitimate companies will not ask you to do this.

Remind college students that if a job offer seems too good to be true, it probably is. Always research the company to ensure its legitimacy.

Social Media Risk: College students are at risk of sharing too much information over social media. Thieves and hackers can access social media profiles and collect personal information. By collecting information about a college student, they can try to hack their way into sites by answering common security questions.

To help prevent thieves from obtaining a blueprint of their identity, college students should make their social media accounts private and limit the amount and type of information they are sharing with the world.

If you believe you or someone you know might have fallen victim to one of these scams, please contact us.


New EMV Cards: What You Need to Know

EMV_CardHave you wondered about those gold chips on the new credit cards? Seen people using them yet?

These new smart cards, chip cards, EMV cards, and/or chip-enabled cards use a small, embedded computer chip known as EMV (Europay, MasterCard, and Visa) technology to authenticate transactions.

European countries have used this anti-fraud technology for years, but it is finally coming to America to combat heightened security concerns due to large data breaches. The EMV technology makes it harder for thieves to counterfeit credit cards. Current American cards use a static magnetic strip, making it relatively easy for fraudsters to obtain the information needed to repeatedly misuse a card. With the EMV chip, a unique transaction code is created for each and every transaction, making it much more difficult to misuse use a credit card account.

Credit cards with EMV technology are not swiped like traditional cards. Instead, they need to be “dipped” into a credit card register or scanned using near field communication. A consumer then waits for the card to communicate with the store’s payment system and their bank to verify the card and create a unique transaction code. Chip cards will also have magnetic strips so they can be swiped at retailers not yet equipped with the new chip card payment devices.

Retailers across America are rapidly undergoing in-store enhancements to read these new chip cards. By the end of 2015, 59% of retail stores are expected to have deployed EMV technology.

According to Smart Card Alliance, approximately 120 million Americans have already received a credit card with an EMV chip. By the end of 2015, it is estimated that 575 million smart cards (debit and credit) will have been issued.

Find out more information about EMV technology.


In the News: Job Seekers Susceptible to Scams

Job SearchJob seekers can be stressed, desperate, eager, and excited all at the same time. Having a mix of emotions can be distracting, which makes job seekers susceptible to thieves who are waiting to take advantage of them. If you or someone you know is looking for a job, they need to be on alert for scams.

Current job seekers make themselves targets for scams and identity thieves by posting personal information on public job sites. Job seekers should make sure their information is only posted to sites with privacy policies and legitimacy, as well as limit the amount of personal information that is public.

Thieves will also tempt job seekers into giving away personal information through fake job listings on public sites or through direct email. Sophisticated scammers will pretend to be a contact from a legitimate company by changing their address to slightly mimic the company. For example, a legitimate business could be called xyz and have an email domain of The scammer could send an email from account that has or to fool the job seeker.

Most scammers will ask for bank account information, a copy of a utility bill, or a background check application (all of which include personal and sensitive information). Some scammers ask job seekers to pay for software requirements, credit reports, training sessions, and so on by wire transfers or asking for your credit information.

To help you stay alert and avoid falling victim to identity theft or scams, review these tips:

  • Never include your bank account number, driver’s license number, date of birth, Social Security number, or credit card numbers on your resume
  • Only post your information to legitimate and secure job sites and track the companies you have applied for jobs at so you know who you should expect communications from
  • Watch out for vague job requirements and job description posted or discussed during interview that anyone could qualify for
  • Always verify the legitimacy of a company
  • Look for unprofessional emails that include misspelling, grammar mistakes, punctuation errors, etc. or emails that come from a personal email account and/or do not include contact information
  • Be wary of online interviews via Yahoo Instant Messenger, many scammers use this method
  • Remember, if the job seems too good to be true, it’s probably fake


Do You Know Who Your Friends Are? Risky Social Media Habits Leave Millions Vulnerable to Identity Theft

NetworkBy: Christian Lees

Amid high-profile data breaches and identity fraud claiming a new victim every two seconds, a staggering number of Americans are engaging in risky social media behaviors that are increasing their vulnerability to identity theft, according to a national survey conducted by InfoArmor, which helps companies and individuals detect and manage emerging fraud.

The survey, designed to uncover the biggest myths and risks of social media use, revealed that nearly four out of five social media users indicated that half of their connections are not true friends.

A friend used to be a close, trusted source, but in social media, this moniker extends to casual acquaintances and to friends of friends who we may know very little, but with whom so much is shared. This is one reason why social media users are twice as likely to fall victim to identity theft.

While 59 percent of respondents say they would classify fewer than half of their contacts as true friends; 41 percent will “friend” a user based on a mutual connection.

The sheer volume of intimate information – names, pictures, emails, birthdates, work histories, family details – we share with people we don’t know is contradictory, considering that our single most common fear of social media is falling victim to identity theft. The study revealed that nearly 40 percent of respondents post three times per week and 20 percent post daily. Those under the age of 30 typically divulge the most information — including tagging “friends” in posts without their consent, sharing their work history and other highly personal information, posting photos while on a vacation, and even giving out their email, home address and more.

Privacy settings are providing a false sense of security. Respondents indicated a high degree of familiarity with privacy settings, but more than 40 percent of users rarely or never check their privacy settings. This increases to half among males. And, nearly half of users never clean out their followers or friends lists.

Social sites are constantly evolving their security policies and settings, so the onus is on the user to stay vigilant about security settings and who is in their social circles. With the copious amount of data social users sharing about their personal lives living online in perpetuity, the true impact of not utilizing privacy settings is unknown.

Although obtaining identity protection services is the strongest form of defense, here are some of the most important activities a user can independently undertake to protect their identity online:

  1. Live online like a biography, not a diary. Post only benign information.
  2. Check privacy settings frequently, especially after updates are released by social networks. The onus is on the consumer to utilize available tools to protect themselves
  3. Understand the short- and long-term risks of posting personal information. What ends up online can never truly be erased.
  4. Lead through example and teach children and teens not to overshare and take ownership of their personal information online.

With nearly 20 years in the information security industry, Christian Lees is chief technology officer and chief information security officer at InfoArmor. Click here to connect with Christian on LinkedIn.

In the News: How the IRS became a Victim

Data Hacker

The IRS recently announced cyber criminals were able to steal information from over 100,000 Americans’ tax returns. The thieves created phony returns and stole refunds by completing a multiple-factor authentication process including private data and non-identity information (e.g. social websites). As information-based crimes are on the rise, it is important to understand where criminals are retrieving this information. Below are five probable ways criminals obtained sensitive information:

  1. Purchasing personally identifiable information on the Dark Web
  2. Phishing attacks where criminals obtain information by tricking you into providing your information to a site that looks like a trusted company, but the URL is slightly different
  3. Obtaining information through your social networking sites and cookies to easily answer security questions on other websites
  4. Hacking and data breaches
  5. Inside sources (e.g. employees)

For details on how to fight back read more of ABC News article or call us at 800.789.2720

Source: ABC News

Protecting Your Privacy: Card Skimming

Recent inciCard Skimmingdents have highlighted the dangers of card skimming crimes. Card skimming occurs when a device is installed on card readers such as ATMs or gas pumps. Once installed it copies your card information while hidden cameras or viewers take note of the pin you enter.

To avoid becoming a victim of card skimming:

  • Look for signs that the ATM or gas pump has been tampered with —hanging wires, nuts or bolts that are out of place, etc.
  • Look for similarities of the card reader compared to the entire ATM or gas pump—color, plastic, etc.
  • If your card is not going into the machine smoothly, alert the bank right away
  • Check your bank and credit accounts regularly and report any suspicious activity
  • Check your InfoArmor Portal regularly for alerts, credit information, and tips
Source: NBC News

Secure Yourself with Two-Step Authentication

Password SecurityAs data breaches are increasing and thieves are finding more ways to hack into systems and accounts, it is more important than ever to take necessary steps to protect yourself.

One way to prevent unauthorized access is to create complex passwords that include multiple characters, numbers, and symbols.

Furthermore, some systems and applications are now allowing you to set up two-factor authentication to prevent unauthorized access to your account.

Two-step authentication will better protect you by requiring a second piece of information, after you have entered your password into their system. Two-factor authentication is made up of a memorized password (the knowledge

factor) and a second piece of information that you have (the possession factor). A popular two-step authentication is a real-time text message with a unique code that is only sent to the owner of the phone and account. You are extra secure if you have a passcode for your phone too!

Although it may seem tedious to access your account with two-steps, it’s better than having your account hijacked or breached!

Mario Aguilar has provided a list of popular providers who currently have two-factor authentication implemented into their systems. Some of these companies include: Apple, Yahoo!, Dropbox, Google, PayPal, banks and more. Click here for more information on two-factor authentication and how to step it up on accounts.


CyberWars: HR Professional’s Role in Our New Reality

When it comes to privacy protection, 2014 was a year of contradiction. The number of data breaches in the United States hit a record 783 – up more than 27 percent from the previous year – while 3 percent fewer individuals were victimized by identity fraud during the same period of time.

While the drop in individual cases of identity fraud could be construed as a positive sign, it is certainly no reason to celebrate. Some 12.7 million Americans were robbed of their personal information in 2014 and security concerns are mounting among corporate executives. It’s because even firms with the most sophisticated ID departments are no match for savvy hackers whose potential to wipe out computer servers, files and employee records is real – and growing.

HR and benefits professionals can play an important role in defending their clients against this 21st-century crime by understanding the depth and breadth of the problem, along with ways to safeguard both personal and company information.

Cyber Attacks on the Rise

The numbers are staggering. On average, individuals victimized by identity theft pay $201 in remediation, while organizations pay an astounding $5.9 million. What’s more, business profits can plummet by as much as $3.2 million because of cyber-crimes.

That’s just what happened to Anthem – the latest company to be hit as part of the growing wave of cyber-attacks.

But numbers alone don’t tell the story. In a just-released commentary, our own Drew Smith explains the impact of identity fraud on employee productivity and hacked companies’ reputations.

Despite ID fraud’s meteoric rise, he says individuals and companies can fight back.

Read the full article here.

For more information about InfoArmor’s Identity Protection visit our website.


InfoArmor_Year of the Breach


Companies Are Tracking Employees to Nab Traitors

BossWatchingCompanies are increasingly becoming aware that their employees can become significant threats to their organization. While most threats come out of innocent actions by employees, some acts are deliberate attempts to compromise a company’s security.

In an effort to identify threats and their sources, employers are engaging firms which can provide monitoring services on employee activity that could potentially cause harm and disruption to the company.

This type of monitoring involves looking at employees’ email patterns and work habits, especially given that many crimes are initiated by cyber thieves who have access to employee email or credentials.

The software-based technology involved identified activities (e.g., logs in, program usage, company databases access and external websites browses) that seem out of the normal pattern of work.

While this may seem a little Orwellian, companies are faced with needing to delicately balance data protection with maintaining employee confidence and protecting their assets.

Companies that offer this technology stress that the programs have safeguards built in to protect employee privacy. This is a new era of constant breaches and cybersecurity concerns and companies are turning to innovation to help them find solutions.

Bloomberg Business recently posted an article about the issue: