Elder Fraud Expert Answers: What are the Most Common Schemes?

senior on internet ccIn our previous blog we talked about why senior citizens have become such a target for con artists and even unscrupulous relatives to commit elder fraud and take their hard-earned money.   We also talked about signs that they may be being duped.  Today, we want to make you aware of the variety of schemes that are out there.  This is by no means a complete list, but will give you a pretty good idea of what to watch for.

Common schemes:

  • The “Grandparents Scam”: someone phones or e-mails and pretends to be a grandchild in trouble. The elderly person, who may not have much contact with their grandchild, might be convinced and may wire money or send a prepaid debit card to help.
  • Offers of “freebies”: the Better Business Bureau of eastern Michigan reports that scammers now are offering seniors $3,000 in “free groceries savings certificates” along with a free medical alert bracelet. The scam may lure people to give away bank account information.
  • Enticing links on websites lure inexperienced seniors into divulging personal information.
  • Con artists may attend the funeral service of a stranger claiming that the deceased had an outstanding debt with them.
  • Reverse mortgage scams: the FBI reports that victims are offered free homes, investment opportunities and foreclosure or refinance assistance.
  • Thieves steal personal information and contact the Social Security Administration to change the payment routing information to the thieves’ own bank accounts or prepaid debit cards.
  • Fake lottery/sweepstakes: seniors are enticed into buying inexpensive knick-knacks or magazine subscriptions (which they do receive) in order to be entered into a contest.  Another variety is they receive an official looking check saying they’ve won a foreign lottery.  In both cases, they are asked to give up personal information to proceed.
  • The discount prescription scam: seniors are offered prescription drugs at a significant discount, but are required to pay a $200 membership fee or give up their credit card information.
  • The “credit card company” calls:  a polite caller says he’s from the senior’s credit card company and is investigating a possible fraudulent purchase. He even IDs the last four digits of the charge card as proof. When the senior denies making the purchase, the caller offers to reverse it immediately, but asks for the verification code on the back of the credit card.
  • Door-to-door solicitors ask for donations on behalf of charitable organizations.
  • Telemarketing fraud: according to the National Consumers League, nearly a third of all victims are age 60 or older. Studies by AARP show that most older telemarketing fraud victims don’t realize that the voice on the phone could belong to someone who is trying to steal their money.
  • Medical Equipment Fraud: equipment manufacturers offer “free” products, such as wheelchairs or oxygen tanks, to individuals. Insurers are then charged for products that were not needed and/or may not have been delivered.
  • “Rolling Lab” Schemes: unnecessary and sometimes fake tests are given to individuals at health clubs, retirement homes, or shopping malls and billed to insurance companies or Medicare.
  • Services Not Performed: Customers or providers bill insurers for services never rendered by changing bills or submitting fake ones.

This list truly only scratches the surface of what is out there, but it gives you a good idea of just how vigilant seniors and their caretakers need to be.  In our next blog, we will provide a list of what seniors need to do to prevent becoming a victim of scams and what to do if it does happen to them.

John Sileo is an author and highly engaging speaker on fraud, internet privacy, identity theft and technology security. He is CEO of The Sileo Group, which helps organizations to protect the privacy that drives their profitability. His recent engagements include presentations at The Pentagon, Visa, Homeland Security and Northrop Grumman as well as media appearances on 60 MinutesAnderson Cooper and Fox Business. Contact him directly on 800.258.8076.

Elder Fraud Expert Answers: Why Are Senior Citizens Targeted?

senior id theft1

Imagine spending your whole life working hard, saving wisely and spending conscientiously—only to have your comfy “nest egg” taken away by unscrupulous scammers or even your own greedy relatives in your golden years.  Sad to say, this is a scenario that is far too common; up to 80% of scam victims are over 65, according to the U.S. Federal Trade Commission. A 2009 study by MetLife’s Mature Market Institute estimates that seniors lose approximately $2.6 billion per year to elder fraud, or what they call financial abuse, meaning fraud by outside scammers or theft by family members and acquaintances.

And this issue will take on even more importance in the years to come as the senior population in America grows.  According to the U.S. Census Bureau, there were 37.3 million people 65 and older in the United States as of 2006.  This group is expected to double in size within the next 25 years. By 2030, almost 1-out-of-5 Americans – some 72 million people- will be 65 years or older.

A scan of recent alerts from the Senior Journal shows a wide variety of areas that require constant vigilance:

By definition, Elder Fraud targets seniors, but why?

  • Senior citizens are most likely to have significant savings, to own their home and/or to have excellent credit—all very desirable to criminals.
  • People who grew up in the 1930s, 1940s, and 1950s were generally raised to be polite and trusting.  They are less likely to be suspicious of a nice salesperson, say no or hang up on pushy telemarketers.  There is even a study showing that we get more trusting as we age.  Through MRI testing, researchers at  the University of California, Los Angeles found that the area known as the anterior insula, which is associated with “gut feelings,” became more active in the younger subjects at the sight of an untrustworthy face. Older subjects, however, showed little to no activation in this area.
  • Seniors can be less comfortable with technology and inadvertently share information online or click on links that makes them vulnerable.
  • Criminals know that seniors are less likely to report a fraud.  This could be either because they don’t know who to report it to, are too ashamed at having been scammed, or don’t even know they have been scammed. Many are afraid to appear as if they have lost the ability to make sound decisions to their relatives, so they just keep it to themselves.
  • If an elderly victim does report the crime, scammers know that they often make poor witnesses.   The effect of age on memory combined with the amount of time that often passes between the crime, the realization, and actually acting on it makes it difficult for elderly victims to supply enough detailed information to investigators.
  • Senior citizens are more interested in and susceptible to products promising all sorts of wonderful results, from anti-aging creams to improved memory to medical cures.  In a world full of the miracles they’ve witnessed in their lifetimes, nothing seems too good to be true.  And if they can get a bargain on it, so much the better!

Elder Fraud Warning Signs:

  • You notice an excess amount of ATM or bank account withdrawals, perhaps even exceeding the daily maximum allowed on that account.
  • The senior is bouncing checks, which might indicate an unexpected loss of money.
  • There are debit transactions that don’t seem to make sense for an older adult.  Also, there may be debits that the person can’t remember or explain.
  • The older adult may be suddenly wiring large sums of money or writing large checks.
  • He or she may close a certificate of deposit, even though a large penalty would be paid for early withdrawal before that CD matured.
  • The bank is unable to speak directly with the older adult, despite repeated attempts to contact him or her.
  • A “new friend” suddenly begins handling the money for a senior.
  • The senior receives excessive amounts of junk mail.  (Once a senior takes the bait for one scam, thieves sell the person’s name, address and telephone number, and fake mailings proliferate.)
  • The phone rings excessively with sales calls.
  • He or she may be having difficulty buying groceries and paying bills.
  • They seem to receive lots of cheap items such as costume jewelry, beauty products, water filters, and knick-knacks that they bought to win something or received as prizes.

Tomorrow, we will outline common schemes that are used to prey on senior citizens.

John Sileo is an author and highly engaging speaker on fraud, internet privacy, identity theft and technology security. He is CEO of The Sileo Group, which helps organizations to protect the privacy that drives their profitability. His recent engagements include presentations at The Pentagon, Visa, Homeland Security and Northrop Grumman as well as media appearances on 60 MinutesAnderson Cooper and Fox Business. Contact him directly on 800.258.8076.

Cyber Security Webinar: What You Absolutely, Positively Need to Know (10/3/13)

register.jpg

Register Now for Deluxe/Sileo’s Free Cyber Security Webinar

On October 3, 2013 at 1pm ET, Deluxe and data privacy expert John Sileo will present a FREE Cyber Security Webinar – What You Absolutely, Positively Need to Know.

A 2012 survey by the highly respected Ponemon Institute found that 55% of small businesses had experienced at least one data breach in 2012. At the heart of this massive data loss is lax cyber security: an overly broad term that will no longer intimidate you after this webinar. Technology has evolved so quickly that many businesses and individuals find themselves behind the digital curve and overwhelmed by the prospect of protecting the very data that underlies their wealth. While in this state, decision makers tend to shut down, make excuses and assume that there is no reasonable, inexpensive way to protect themselves and their business. That assumption is not only wrong, it is dangerous.

This Webinar is designed to get you over the all-or-nothing hump when it comes to securing your cyber assets. In other words, you don’t have to “do everything” to be safe and you don’t have to spend profusely to get the job done well. Wise investment in the right places is both effective and critical.

In this FREE Deluxe Webinar, Cyber Security:. What You Absolutely, Positively Need to Know, you will learn changes you must make to protect 7 critical areas:

  • The human element. All security begins with the decisions we make. The best technology in the world is useless if it is used incorrectly.
  • Inside your network. Protection begins with the computing fabric, routers, hardware and firewalls, that support your network.
  • On your computer. This is where attention to detail makes the difference – at the point where business transactions take place across many devices.
  • As you go mobile. Before the decade is out, every type of data will be accessed from mobile devices. Prepare or beware.
  • When connecting wirelessly. An outgrowth of the mobile movement, secure connectivity over Wi-Fi, Bluetooth and other technologies is imperative to the privacy of your mission critical communications.
  • While transacting online. How you surf and what tools you utilize to navigate eCommerce safely make all the difference in the world.
  • In the cloud.With great power comes risk and responsibility. Informed decisions count as you migrate to web-based software to power your business.

register.jpg

John Sileo is a keynote speaker on identity theft, cyber security, online privacy and internet reputation. He is CEO of The Sileo Group, which helps organizations to protect the privacy that drives their profitability. Recent engagements include presentations at The Pentagon, Visa, Homeland Security and Northrop Grumman as well as media appearances on 60 Minutes, Anderson Cooper and Fox Business. Contact him directly on 800.258.8076.

WWBD? (What Would Bond Do?) Five Steps to Secure Your Business Data

I finally got around to watching the latest 007 installment, Skyfall, and it appears even James Bond has entered into the world of Cyber Crime as he tries to protect a computer drive with a list of British agents from falling into the wrong hands.  And like the proverbial victims in a James Bond flick, you and your business data are under assault, even though it may not always be as obvious as getting thrown off a train.  Why?  Because your business data is profitable to would-be thieves. And for many of those thieves, that data is easy to get and the theft can be next to impossible to trace.

Sony PlayStation Network, Citigroup, Lockheed and several others have seen more than 100 million customer records breached, costing billions in recovery costs and reputation damage.  If it can happen to the big boys, it can happen to you.  If you don’t have Bond on your side fighting off the villains, take these steps to take to secure your business data:

Involve your employees. No one in your organization will care about data security until they understand what it has to do with them. So train them to be skeptical. When they’re asked for information, teach them to automatically assume the requestor is a spy. If they didn’t initiate the transfer of information (e.g., someone official approaches them for login credentials), have them stop and think before they share. Empower them to ask aggressive questions. Once employees understand data security from a personal standpoint, it’s a short leap to apply that to your customer databases, physical documents and intellectual property. Start with the personal and expand into the professional. It’s like allowing people to put on their own oxygen masks before taking responsibility for those next to them.

Stop broadcasting your digital data. Wireless data leaks two ways: the weakly encrypted wireless router in your office and the unprotected wireless connection you use to access the Internet in an airport, hotel or café. Have a security pro configure the wireless router in your office for WPA-2 encryption or better and perform a thorough security audit of your network. To protect your data on the road, set up wireless tethering with your mobile phone provider and stop using other people’s hot spots.

Eliminate the inside spy. Perform serious background checks before hiring new employees. The number one predictor of future theft by an employee is past theft. Follow up on the prospect’s references and ask for some that aren’t on the application. Letting prospective hires know in advance that you will be performing a comprehensive background check will discourage them from malfeasance.

Don’t let your mobile data walk away. Up to 50 percent of all major data breach originates with the loss of a laptop, tablet or mobile phone. Either carry these on your person (making sure not to set them down in airports, cafes, conferences, etc.), store them in the hotel room safe, or lock them in an office or private room when not using them. Physical security is the most overlooked, most effective form of protection. Also, have the security pro mentioned earlier implement strong passwords, whole disk encryption and remote data-wiping capabilities. Set your screen saver to engage after five minutes of inactivity and check the box that requires you to enter your password upon re-entry.

Spend a day in your dumpster. You may have a shredder, but the problem is no one uses it consistently. Pretend you are your fiercest competitor and sort through outgoing trash for old invoices, credit card receipts, bank statements, customer lists and trade secrets. If employees know you conduct occasional dumpster audits, they’ll think twice about failing to shred the next document.

Take these steps and you begin the process of starving data thieves of the information they literally take to the bank.  It will be a lot easier to sit back and relax- maybe even have a shaken martini- when you know your business is secure.

James Bond martini

John Sileo is an anti-fraud training expert and in-demand speaker on digital reputation, identity theft and online privacy. His clients include the Department of Defense, Pfizer, Visa, and Homeland Security. See his recent media appearances on 60 Minutes, Anderson Cooper and Fox Business.

 

 

 

 

 

 

Anti-fraud training could keep you from getting peeled like The Onion

The Syrian Electronic Army strikes again, in a case that could have been avoided through anti-fraud training. 

Satirical news site The Onion has a reputation for fooling people with its outrageous fake headlines, but earlier this month, it was The Onion’s turn to get tricked. It may not be the Associated Press, but The Onion’s Twitter feed has more than 4 million followers, and that’s undoubtedly part of why the SEA targeted it in another phishing scam that led to that account getting compromised. As it had previously, the SEA used the opportunity to post its own damaging tweets before order was restored (although one questions the wisdom of crafting fake posts for an organization known for being sarcastic anyway).

On its official tech blog, The Onion gave a detailed description of how the hack took place.

  1. First, the SEA sent emails with disguised links to different members of the organization— these links redirected users to a fake prompt to enter login information. Although the blog reports that most didn’t fall for the scam, at least one apparently did, and that was all it took.
  2. The hackers then used that employee’s account to send the phishing email to more Onion staff members.  That email, seeming more credible coming from a trusted account, got a lot more employees to click.
  3. Two of those employees fell for the request to enter login information, but one of those two had access to all of the Onion’s social media accounts.
  4. Using that login information, the hackers had the key they needed to start tweeting fake information as The Onion.
  5. Even after The Onion adjusted its password, the SEA was able to strike again and phish a few more employees, despite efforts to kick out the intruders.

These aren’t very sophisticated methods. The hackers probably wouldn’t have succeeded if The Onion had followed the anti-fraud training advice they later offered on their site.

A Crash Course in Anti-Fraud Phishing Training

  • If you don’t recognize the sender, or are suspicious, don’t click on any links in emails or social media posts. If it comes from an unidentified source or seems suspicious,  everyone in your network not to click.
  • Use the Hover Technique: when you hover over the link or the image with an embedded link, does the URL match the place where you think you are going? For example, if it looks like you should be going to The Washington Post but when you hover over the link it reads something entirely different, you know that you will likely be redirected to a website that will either request that you fill in confidential information or will install malware on your system.
  • Confirm the supposed source. If a link looks dodgy but comes from a trusted email contact like a co-worker, send a separate message in reply or call to confirm.
  • Use a social media aggregator app like HootSuite, as those programs allow you to restrict user-based access and control the damage more quickly. It also keeps the hacker from taking over total control of the account.
  • Don’t use company email addresses to register your Twitter or other social media accounts. By using a separate email (e.g., a Gmail account setup only for the purpose of that one social networking account), you quickly limit the damage creep of registering everything with a single, organization-based email.
  • Make sure you are using long, strong and site-specific passwords for every account).

Tips to avoid getting hacked that you should not take seriously, also courtesy of The Onion, via National Public Radio:

  • Move site to a new web address every few minutes.**
  • Reduce interest in your website by avoiding popular subjects.***
  • If you receive an email asking for your password, dig deeper by entering information.****

[**This is impossible.]
[***This is inadvisable if you want anybody to read your site.]
[****No, no, no, no, no.]

Luckily, The Onion caught the breach fairly quickly before too much damage was done.  It was then in a unique position to respond and was soon back to doing what it does best—cracking jokes about the incident. Without anti-fraud training, your company might not be so lucky and it won’t be a laughing matter.

John Sileo is an anti-fraud training expert and in-demand speaker on digital reputation, identity theft and online privacy. His clients include the Department of Defense, Pfizer, Visa, and Homeland Security. See his recent media appearances on 60 Minutes, Anderson Cooper and Fox Business.